Marcus Updateinfo to OVAL Converter5.52026-04-14T06:49:37NetworkManager-1.38.2-150400.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the NetworkManager-1.38.2-150400.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2006-7246 at SUSECVE-2006-7246 at NVDCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDCVE-2018-1000135 at SUSECVE-2018-1000135 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2020-10754 at SUSECVE-2020-10754 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2021-20297 at SUSECVE-2021-20297 at NVDcpe:/o:suse:sle-micro:5.4afterburn-5.2.0-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the afterburn-5.2.0-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-35905 at SUSECVE-2020-35905 at NVDCVE-2020-36465 at SUSECVE-2020-36465 at NVDCVE-2021-27378 at SUSECVE-2021-27378 at NVDCVE-2021-32714 at SUSECVE-2021-32714 at NVDCVE-2021-32715 at SUSECVE-2021-32715 at NVDCVE-2021-38191 at SUSECVE-2021-38191 at NVDCVE-2021-45710 at SUSECVE-2021-45710 at NVDcpe:/o:suse:sle-micro:5.4aide-0.16-24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the aide-0.16-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:sle-micro:5.4apparmor-parser-3.0.4-150400.5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the apparmor-parser-3.0.4-150400.5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.4augeas-1.12.0-150400.3.3.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the augeas-1.12.0-150400.3.3.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:sle-micro:5.4avahi-0.8-150400.5.73 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the avahi-0.8-150400.5.73 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-6519 at SUSECVE-2017-6519 at NVDCVE-2018-1000845 at SUSECVE-2018-1000845 at NVDCVE-2021-26720 at SUSECVE-2021-26720 at NVDCVE-2021-3468 at SUSECVE-2021-3468 at NVDCVE-2021-3502 at SUSECVE-2021-3502 at NVDcpe:/o:suse:sle-micro:5.4aws-cli-1.24.4-150200.30.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the aws-cli-1.24.4-150200.30.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15869 at SUSECVE-2018-15869 at NVDcpe:/o:suse:sle-micro:5.4bash-4.4-150400.25.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the bash-4.4-150400.25.22 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDcpe:/o:suse:sle-micro:5.4bcm43xx-firmware-20180314-150400.28.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the bcm43xx-firmware-20180314-150400.28.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-10370 at SUSECVE-2020-10370 at NVDcpe:/o:suse:sle-micro:5.4btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-14722 at SUSECVE-2018-14722 at NVDcpe:/o:suse:sle-micro:5.4bzip2-1.0.8-150400.1.122 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the bzip2-1.0.8-150400.1.122 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:sle-micro:5.4chrony-4.1-150400.19.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the chrony-4.1-150400.19.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1567 at SUSECVE-2016-1567 at NVDCVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:sle-micro:5.4cifs-utils-6.15-150400.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cifs-utils-6.15-150400.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-14342 at SUSECVE-2020-14342 at NVDCVE-2021-20208 at SUSECVE-2021-20208 at NVDCVE-2022-27239 at SUSECVE-2022-27239 at NVDCVE-2022-29869 at SUSECVE-2022-29869 at NVDcpe:/o:suse:sle-micro:5.4cni-0.7.1-150100.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cni-0.7.1-150100.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.4cni-plugins-0.8.6-150100.3.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cni-plugins-0.8.6-150100.3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-10749 at SUSECVE-2020-10749 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.4conmon-2.1.5-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the conmon-2.1.5-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-1708 at SUSECVE-2022-1708 at NVDcpe:/o:suse:sle-micro:5.4conntrack-tools-1.4.5-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the conntrack-tools-1.4.5-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-6496 at SUSECVE-2015-6496 at NVDcpe:/o:suse:sle-micro:5.4containerd-1.6.12-150000.79.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the containerd-1.6.12-150000.79.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21334 at SUSECVE-2021-21334 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-23471 at SUSECVE-2022-23471 at NVDCVE-2022-23648 at SUSECVE-2022-23648 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-31030 at SUSECVE-2022-31030 at NVDcpe:/o:suse:sle-micro:5.4containerized-data-importer-manifests-1.51.0-150400.4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the containerized-data-importer-manifests-1.51.0-150400.4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:sle-micro:5.4coolkey-1.1.0-1.31 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2007-4129 at SUSECVE-2007-4129 at NVDcpe:/o:suse:sle-micro:5.4coreutils-8.32-150400.7.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the coreutils-8.32-150400.7.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDCVE-2017-7476 at SUSECVE-2017-7476 at NVDcpe:/o:suse:sle-micro:5.4cpio-2.13-150400.1.98 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cpio-2.13-150400.1.98 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2015-1197 at SUSECVE-2015-1197 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDCVE-2019-14866 at SUSECVE-2019-14866 at NVDCVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sle-micro:5.4cracklib-2.9.7-11.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cracklib-2.9.7-11.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:sle-micro:5.4cryptsetup-2.4.3-150400.1.110 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cryptsetup-2.4.3-150400.1.110 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-14382 at SUSECVE-2020-14382 at NVDCVE-2021-4122 at SUSECVE-2021-4122 at NVDcpe:/o:suse:sle-micro:5.4cups-config-2.2.7-150000.3.35.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cups-config-2.2.7-150000.3.35.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2012-5519 at SUSECVE-2012-5519 at NVDCVE-2014-3537 at SUSECVE-2014-3537 at NVDCVE-2014-5029 at SUSECVE-2014-5029 at NVDCVE-2014-5030 at SUSECVE-2014-5030 at NVDCVE-2014-5031 at SUSECVE-2014-5031 at NVDCVE-2015-1158 at SUSECVE-2015-1158 at NVDCVE-2015-1159 at SUSECVE-2015-1159 at NVDCVE-2017-18248 at SUSECVE-2017-18248 at NVDCVE-2018-4180 at SUSECVE-2018-4180 at NVDCVE-2018-4181 at SUSECVE-2018-4181 at NVDCVE-2018-4182 at SUSECVE-2018-4182 at NVDCVE-2018-4183 at SUSECVE-2018-4183 at NVDCVE-2018-4700 at SUSECVE-2018-4700 at NVDCVE-2019-8675 at SUSECVE-2019-8675 at NVDCVE-2019-8696 at SUSECVE-2019-8696 at NVDCVE-2019-8842 at SUSECVE-2019-8842 at NVDCVE-2020-10001 at SUSECVE-2020-10001 at NVDCVE-2020-3898 at SUSECVE-2020-3898 at NVDCVE-2021-25317 at SUSECVE-2021-25317 at NVDCVE-2022-26691 at SUSECVE-2022-26691 at NVDcpe:/o:suse:sle-micro:5.4curl-7.79.1-150400.5.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the curl-7.79.1-150400.5.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDCVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-15601 at SUSECVE-2019-15601 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDCVE-2019-5435 at SUSECVE-2019-5435 at NVDCVE-2019-5436 at SUSECVE-2019-5436 at NVDCVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDCVE-2020-8169 at SUSECVE-2020-8169 at NVDCVE-2020-8177 at SUSECVE-2020-8177 at NVDCVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22297 at SUSECVE-2021-22297 at NVDCVE-2021-22298 at SUSECVE-2021-22298 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22890 at SUSECVE-2021-22890 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDCVE-2021-22901 at SUSECVE-2021-22901 at NVDCVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDCVE-2021-22945 at SUSECVE-2021-22945 at NVDCVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDCVE-2022-22576 at SUSECVE-2022-22576 at NVDCVE-2022-27774 at SUSECVE-2022-27774 at NVDCVE-2022-27775 at SUSECVE-2022-27775 at NVDCVE-2022-27776 at SUSECVE-2022-27776 at NVDCVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-32205 at SUSECVE-2022-32205 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32207 at SUSECVE-2022-32207 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDCVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDCVE-2022-42916 at SUSECVE-2022-42916 at NVDCVE-2022-43551 at SUSECVE-2022-43551 at NVDCVE-2022-43552 at SUSECVE-2022-43552 at NVDCVE-2023-23914 at SUSECVE-2023-23914 at NVDCVE-2023-23915 at SUSECVE-2023-23915 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDcpe:/o:suse:sle-micro:5.4cyrus-sasl-2.1.27-150300.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cyrus-sasl-2.1.27-150300.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-19906 at SUSECVE-2019-19906 at NVDCVE-2020-8032 at SUSECVE-2020-8032 at NVDCVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:sle-micro:5.4db48-utils-4.8.30-150000.7.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the db48-utils-4.8.30-150000.7.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-2708 at SUSECVE-2019-2708 at NVDcpe:/o:suse:sle-micro:5.4dbus-1-1.12.2-150400.18.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the dbus-1-1.12.2-150400.18.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDCVE-2019-12749 at SUSECVE-2019-12749 at NVDCVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDCVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:sle-micro:5.4dnsmasq-2.86-150400.14.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the dnsmasq-2.86-150400.14.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3294 at SUSECVE-2015-3294 at NVDCVE-2015-8899 at SUSECVE-2015-8899 at NVDCVE-2017-14491 at SUSECVE-2017-14491 at NVDCVE-2017-14492 at SUSECVE-2017-14492 at NVDCVE-2017-14493 at SUSECVE-2017-14493 at NVDCVE-2017-14494 at SUSECVE-2017-14494 at NVDCVE-2017-14495 at SUSECVE-2017-14495 at NVDCVE-2017-14496 at SUSECVE-2017-14496 at NVDCVE-2017-15107 at SUSECVE-2017-15107 at NVDCVE-2019-14834 at SUSECVE-2019-14834 at NVDCVE-2020-14312 at SUSECVE-2020-14312 at NVDCVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDCVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:sle-micro:5.4docker-20.10.17_ce-150000.169.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the docker-20.10.17_ce-150000.169.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-5277 at SUSECVE-2014-5277 at NVDCVE-2014-6407 at SUSECVE-2014-6407 at NVDCVE-2014-6408 at SUSECVE-2014-6408 at NVDCVE-2014-8178 at SUSECVE-2014-8178 at NVDCVE-2014-8179 at SUSECVE-2014-8179 at NVDCVE-2014-9356 at SUSECVE-2014-9356 at NVDCVE-2014-9357 at SUSECVE-2014-9357 at NVDCVE-2014-9358 at SUSECVE-2014-9358 at NVDCVE-2015-3627 at SUSECVE-2015-3627 at NVDCVE-2015-3629 at SUSECVE-2015-3629 at NVDCVE-2015-3630 at SUSECVE-2015-3630 at NVDCVE-2015-3631 at SUSECVE-2015-3631 at NVDCVE-2016-3697 at SUSECVE-2016-3697 at NVDCVE-2016-8867 at SUSECVE-2016-8867 at NVDCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2017-16539 at SUSECVE-2017-16539 at NVDCVE-2018-10892 at SUSECVE-2018-10892 at NVDCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-20699 at SUSECVE-2018-20699 at NVDCVE-2019-13509 at SUSECVE-2019-13509 at NVDCVE-2019-14271 at SUSECVE-2019-14271 at NVDCVE-2020-13401 at SUSECVE-2020-13401 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDCVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:sle-micro:5.4docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDcpe:/o:suse:sle-micro:5.4docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDcpe:/o:suse:sle-micro:5.4dracut-055+suse.331.g05b9ccb7-150400.3.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the dracut-055+suse.331.g05b9ccb7-150400.3.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:sle-micro:5.4e2fsprogs-1.46.4-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the e2fsprogs-1.46.4-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDCVE-2019-5094 at SUSECVE-2019-5094 at NVDCVE-2019-5188 at SUSECVE-2019-5188 at NVDCVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:sle-micro:5.4elfutils-0.185-150400.5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the elfutils-0.185-150400.5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9447 at SUSECVE-2014-9447 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7146 at SUSECVE-2019-7146 at NVDCVE-2019-7148 at SUSECVE-2019-7148 at NVDCVE-2019-7149 at SUSECVE-2019-7149 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7664 at SUSECVE-2019-7664 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:sle-micro:5.4file-5.32-7.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the file-5.32-7.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2017-1000249 at SUSECVE-2017-1000249 at NVDCVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-18218 at SUSECVE-2019-18218 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:sle-micro:5.4firewalld-0.9.3-150400.8.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the firewalld-0.9.3-150400.8.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-5410 at SUSECVE-2016-5410 at NVDcpe:/o:suse:sle-micro:5.4fuse-2.9.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:sle-micro:5.4gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-11464 at SUSECVE-2017-11464 at NVDCVE-2019-20446 at SUSECVE-2019-20446 at NVDCVE-2021-25900 at SUSECVE-2021-25900 at NVDcpe:/o:suse:sle-micro:5.4gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-4491 at SUSECVE-2015-4491 at NVDCVE-2015-7552 at SUSECVE-2015-7552 at NVDCVE-2015-7673 at SUSECVE-2015-7673 at NVDCVE-2015-7674 at SUSECVE-2015-7674 at NVDCVE-2016-6352 at SUSECVE-2016-6352 at NVDCVE-2017-2862 at SUSECVE-2017-2862 at NVDCVE-2017-2870 at SUSECVE-2017-2870 at NVDCVE-2017-6312 at SUSECVE-2017-6312 at NVDCVE-2017-6313 at SUSECVE-2017-6313 at NVDCVE-2020-29385 at SUSECVE-2020-29385 at NVDCVE-2021-44648 at SUSECVE-2021-44648 at NVDCVE-2021-46829 at SUSECVE-2021-46829 at NVDcpe:/o:suse:sle-micro:5.4glib-networking-2.70.1-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the glib-networking-2.70.1-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:sle-micro:5.4glib2-tools-2.70.5-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the glib2-tools-2.70.5-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDCVE-2020-6750 at SUSECVE-2020-6750 at NVDCVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:sle-micro:5.4glibc-2.31-150300.41.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the glibc-2.31-150300.41.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2010-3192 at SUSECVE-2010-3192 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-5180 at SUSECVE-2015-5180 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-10228 at SUSECVE-2016-10228 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2016-5417 at SUSECVE-2016-5417 at NVDCVE-2016-6323 at SUSECVE-2016-6323 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-17426 at SUSECVE-2017-17426 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDCVE-2019-19126 at SUSECVE-2019-19126 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDCVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDCVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDCVE-2021-27645 at SUSECVE-2021-27645 at NVDCVE-2021-3326 at SUSECVE-2021-3326 at NVDCVE-2021-33574 at SUSECVE-2021-33574 at NVDCVE-2021-35942 at SUSECVE-2021-35942 at NVDCVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:sle-micro:5.4gnutls-3.7.3-150400.4.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gnutls-3.7.3-150400.4.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-10790 at SUSECVE-2017-10790 at NVDCVE-2017-7869 at SUSECVE-2017-7869 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDCVE-2018-16868 at SUSECVE-2018-16868 at NVDCVE-2019-3829 at SUSECVE-2019-3829 at NVDCVE-2019-3836 at SUSECVE-2019-3836 at NVDCVE-2020-11501 at SUSECVE-2020-11501 at NVDCVE-2020-13777 at SUSECVE-2020-13777 at NVDCVE-2020-24659 at SUSECVE-2020-24659 at NVDCVE-2021-20231 at SUSECVE-2021-20231 at NVDCVE-2021-20232 at SUSECVE-2021-20232 at NVDCVE-2022-2509 at SUSECVE-2022-2509 at NVDCVE-2023-0361 at SUSECVE-2023-0361 at NVDcpe:/o:suse:sle-micro:5.4gpg2-2.2.27-150300.3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gpg2-2.2.27-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-1000858 at SUSECVE-2018-1000858 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDCVE-2018-9234 at SUSECVE-2018-9234 at NVDCVE-2019-13050 at SUSECVE-2019-13050 at NVDCVE-2019-14855 at SUSECVE-2019-14855 at NVDCVE-2020-25125 at SUSECVE-2020-25125 at NVDCVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:sle-micro:5.4gptfdisk-1.0.8-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gptfdisk-1.0.8-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-0256 at SUSECVE-2020-0256 at NVDCVE-2021-0308 at SUSECVE-2021-0308 at NVDcpe:/o:suse:sle-micro:5.4grep-3.1-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the grep-3.1-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-1345 at SUSECVE-2015-1345 at NVDcpe:/o:suse:sle-micro:5.4groff-1.22.4-150400.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the groff-1.22.4-150400.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-5080 at SUSECVE-2009-5080 at NVDCVE-2009-5081 at SUSECVE-2009-5081 at NVDcpe:/o:suse:sle-micro:5.4grub2-2.06-150400.11.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the grub2-2.06-150400.11.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDCVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-15705 at SUSECVE-2020-15705 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDCVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2021-3981 at SUSECVE-2021-3981 at NVDCVE-2021-46705 at SUSECVE-2021-46705 at NVDCVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28735 at SUSECVE-2022-28735 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:sle-micro:5.4gstreamer-1.20.1-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gstreamer-1.20.1-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10198 at SUSECVE-2016-10198 at NVDCVE-2016-10199 at SUSECVE-2016-10199 at NVDCVE-2017-5837 at SUSECVE-2017-5837 at NVDCVE-2017-5838 at SUSECVE-2017-5838 at NVDCVE-2017-5839 at SUSECVE-2017-5839 at NVDCVE-2017-5840 at SUSECVE-2017-5840 at NVDCVE-2017-5841 at SUSECVE-2017-5841 at NVDCVE-2017-5842 at SUSECVE-2017-5842 at NVDCVE-2017-5843 at SUSECVE-2017-5843 at NVDCVE-2017-5844 at SUSECVE-2017-5844 at NVDCVE-2017-5845 at SUSECVE-2017-5845 at NVDCVE-2017-5846 at SUSECVE-2017-5846 at NVDCVE-2017-5847 at SUSECVE-2017-5847 at NVDCVE-2017-5848 at SUSECVE-2017-5848 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sle-micro:5.4gstreamer-plugins-base-1.20.1-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gstreamer-plugins-base-1.20.1-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-9928 at SUSECVE-2019-9928 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sle-micro:5.4gtk2-tools-2.24.33-150400.2.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gtk2-tools-2.24.33-150400.2.11 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-7447 at SUSECVE-2013-7447 at NVDcpe:/o:suse:sle-micro:5.4guestfs-data-1.44.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the guestfs-data-1.44.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-2211 at SUSECVE-2022-2211 at NVDcpe:/o:suse:sle-micro:5.4gzip-1.10-150200.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gzip-1.10-150200.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.4haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3281 at SUSECVE-2015-3281 at NVDCVE-2018-11469 at SUSECVE-2018-11469 at NVDCVE-2018-14645 at SUSECVE-2018-14645 at NVDCVE-2018-20102 at SUSECVE-2018-20102 at NVDCVE-2018-20103 at SUSECVE-2018-20103 at NVDCVE-2018-20615 at SUSECVE-2018-20615 at NVDCVE-2019-14241 at SUSECVE-2019-14241 at NVDCVE-2019-18277 at SUSECVE-2019-18277 at NVDCVE-2020-11100 at SUSECVE-2020-11100 at NVDCVE-2021-39240 at SUSECVE-2021-39240 at NVDCVE-2021-39241 at SUSECVE-2021-39241 at NVDCVE-2021-39242 at SUSECVE-2021-39242 at NVDCVE-2021-40346 at SUSECVE-2021-40346 at NVDCVE-2022-0711 at SUSECVE-2022-0711 at NVDCVE-2023-0056 at SUSECVE-2023-0056 at NVDcpe:/o:suse:sle-micro:5.4iscsiuio-0.7.8.6-150400.39.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the iscsiuio-0.7.8.6-150400.39.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:sle-micro:5.4jq-1.6-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8863 at SUSECVE-2015-8863 at NVDCVE-2016-4074 at SUSECVE-2016-4074 at NVDcpe:/o:suse:sle-micro:5.4kdump-1.0.2+git20.g64239cc-150400.3.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kdump-1.0.2+git20.g64239cc-150400.3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:sle-micro:5.4keepalived-2.2.2-150400.3.7.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the keepalived-2.2.2-150400.3.7.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19044 at SUSECVE-2018-19044 at NVDCVE-2018-19045 at SUSECVE-2018-19045 at NVDCVE-2018-19046 at SUSECVE-2018-19046 at NVDCVE-2021-44225 at SUSECVE-2021-44225 at NVDcpe:/o:suse:sle-micro:5.4kernel-default-5.14.21-150400.24.46.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kernel-default-5.14.21-150400.24.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-33135 at SUSECVE-2021-33135 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4090 at SUSECVE-2021-4090 at NVDCVE-2021-41073 at SUSECVE-2021-41073 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43057 at SUSECVE-2021-43057 at NVDCVE-2021-43267 at SUSECVE-2021-43267 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2021-45480 at SUSECVE-2021-45480 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0171 at SUSECVE-2022-0171 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0264 at SUSECVE-2022-0264 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0382 at SUSECVE-2022-0382 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0494 at SUSECVE-2022-0494 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0742 at SUSECVE-2022-0742 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-0886 at SUSECVE-2022-0886 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-0998 at SUSECVE-2022-0998 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1015 at SUSECVE-2022-1015 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1204 at SUSECVE-2022-1204 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-1263 at SUSECVE-2022-1263 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-1508 at SUSECVE-2022-1508 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1651 at SUSECVE-2022-1651 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1671 at SUSECVE-2022-1671 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-1789 at SUSECVE-2022-1789 at NVDCVE-2022-1836 at SUSECVE-2022-1836 at NVDCVE-2022-1852 at SUSECVE-2022-1852 at NVDCVE-2022-1882 at SUSECVE-2022-1882 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-1998 at SUSECVE-2022-1998 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-23960 at SUSECVE-2022-23960 at NVDCVE-2022-24122 at SUSECVE-2022-24122 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-26878 at SUSECVE-2022-26878 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-2873 at SUSECVE-2022-2873 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-29582 at SUSECVE-2022-29582 at NVDCVE-2022-2959 at SUSECVE-2022-2959 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-3078 at SUSECVE-2022-3078 at NVDCVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3114 at SUSECVE-2022-3114 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3202 at SUSECVE-2022-3202 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33743 at SUSECVE-2022-33743 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3526 at SUSECVE-2022-3526 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3633 at SUSECVE-2022-3633 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40476 at SUSECVE-2022-40476 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45869 at SUSECVE-2022-45869 at NVDCVE-2022-45888 at SUSECVE-2022-45888 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:sle-micro:5.4kernel-firmware-all-20220509-150400.4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kernel-firmware-all-20220509-150400.4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2019-9836 at SUSECVE-2019-9836 at NVDCVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:sle-micro:5.4kernel-rt-5.14.21-150400.15.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kernel-rt-5.14.21-150400.15.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-33135 at SUSECVE-2021-33135 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4090 at SUSECVE-2021-4090 at NVDCVE-2021-41073 at SUSECVE-2021-41073 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43057 at SUSECVE-2021-43057 at NVDCVE-2021-43267 at SUSECVE-2021-43267 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2021-45480 at SUSECVE-2021-45480 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0171 at SUSECVE-2022-0171 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0264 at SUSECVE-2022-0264 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0382 at SUSECVE-2022-0382 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0494 at SUSECVE-2022-0494 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0742 at SUSECVE-2022-0742 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-0886 at SUSECVE-2022-0886 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-0998 at SUSECVE-2022-0998 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1015 at SUSECVE-2022-1015 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1204 at SUSECVE-2022-1204 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-1263 at SUSECVE-2022-1263 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-1508 at SUSECVE-2022-1508 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1651 at SUSECVE-2022-1651 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1671 at SUSECVE-2022-1671 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-1789 at SUSECVE-2022-1789 at NVDCVE-2022-1836 at SUSECVE-2022-1836 at NVDCVE-2022-1852 at SUSECVE-2022-1852 at NVDCVE-2022-1882 at SUSECVE-2022-1882 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-1998 at SUSECVE-2022-1998 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-23960 at SUSECVE-2022-23960 at NVDCVE-2022-24122 at SUSECVE-2022-24122 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-26878 at SUSECVE-2022-26878 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-2873 at SUSECVE-2022-2873 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-29582 at SUSECVE-2022-29582 at NVDCVE-2022-2959 at SUSECVE-2022-2959 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-3078 at SUSECVE-2022-3078 at NVDCVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3114 at SUSECVE-2022-3114 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3202 at SUSECVE-2022-3202 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33743 at SUSECVE-2022-33743 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3526 at SUSECVE-2022-3526 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3633 at SUSECVE-2022-3633 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40476 at SUSECVE-2022-40476 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45869 at SUSECVE-2022-45869 at NVDCVE-2022-45888 at SUSECVE-2022-45888 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:sle-micro:5.4kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-41973 at SUSECVE-2022-41973 at NVDCVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:sle-micro:5.4krb5-1.19.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the krb5-1.19.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11368 at SUSECVE-2017-11368 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2018-20217 at SUSECVE-2018-20217 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDCVE-2020-28196 at SUSECVE-2020-28196 at NVDCVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-37750 at SUSECVE-2021-37750 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sle-micro:5.4kubevirt-manifests-0.54.0-150400.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kubevirt-manifests-0.54.0-150400.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-1798 at SUSECVE-2022-1798 at NVDCVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2022-29162 at SUSECVE-2022-29162 at NVDcpe:/o:suse:sle-micro:5.4less-590-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the less-590-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9488 at SUSECVE-2014-9488 at NVDCVE-2022-46663 at SUSECVE-2022-46663 at NVDcpe:/o:suse:sle-micro:5.4libX11-6-1.6.5-150000.3.24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libX11-6-1.6.5-150000.3.24.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-14598 at SUSECVE-2018-14598 at NVDCVE-2018-14599 at SUSECVE-2018-14599 at NVDCVE-2018-14600 at SUSECVE-2018-14600 at NVDCVE-2020-14344 at SUSECVE-2020-14344 at NVDCVE-2020-14363 at SUSECVE-2020-14363 at NVDCVE-2021-31535 at SUSECVE-2021-31535 at NVDCVE-2022-3554 at SUSECVE-2022-3554 at NVDCVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:sle-micro:5.4libXcursor1-1.1.15-1.18 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-2003 at SUSECVE-2013-2003 at NVDCVE-2017-16612 at SUSECVE-2017-16612 at NVDcpe:/o:suse:sle-micro:5.4libXext6-1.3.3-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1982 at SUSECVE-2013-1982 at NVDcpe:/o:suse:sle-micro:5.4libXfixes3-6.0.0-150400.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXfixes3-6.0.0-150400.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1983 at SUSECVE-2013-1983 at NVDcpe:/o:suse:sle-micro:5.4libXi6-1.7.9-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1984 at SUSECVE-2013-1984 at NVDCVE-2013-1995 at SUSECVE-2013-1995 at NVDCVE-2013-1998 at SUSECVE-2013-1998 at NVDcpe:/o:suse:sle-micro:5.4libXinerama1-1.1.3-1.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1985 at SUSECVE-2013-1985 at NVDcpe:/o:suse:sle-micro:5.4libXrandr2-1.5.1-2.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1986 at SUSECVE-2013-1986 at NVDCVE-2016-7947 at SUSECVE-2016-7947 at NVDCVE-2016-7948 at SUSECVE-2016-7948 at NVDcpe:/o:suse:sle-micro:5.4libXrender1-0.9.10-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1987 at SUSECVE-2013-1987 at NVDcpe:/o:suse:sle-micro:5.4libXtst6-1.2.3-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-2063 at SUSECVE-2013-2063 at NVDcpe:/o:suse:sle-micro:5.4libXv1-1.0.11-1.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1989 at SUSECVE-2013-1989 at NVDCVE-2013-2066 at SUSECVE-2013-2066 at NVDCVE-2016-5407 at SUSECVE-2016-5407 at NVDcpe:/o:suse:sle-micro:5.4libarchive13-3.5.1-150400.3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libarchive13-3.5.1-150400.3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-0211 at SUSECVE-2013-0211 at NVDCVE-2015-2304 at SUSECVE-2015-2304 at NVDCVE-2015-8917 at SUSECVE-2015-8917 at NVDCVE-2015-8928 at SUSECVE-2015-8928 at NVDCVE-2015-8933 at SUSECVE-2015-8933 at NVDCVE-2015-8934 at SUSECVE-2015-8934 at NVDCVE-2016-1541 at SUSECVE-2016-1541 at NVDCVE-2016-4300 at SUSECVE-2016-4300 at NVDCVE-2016-4301 at SUSECVE-2016-4301 at NVDCVE-2016-4809 at SUSECVE-2016-4809 at NVDCVE-2016-5418 at SUSECVE-2016-5418 at NVDCVE-2016-5844 at SUSECVE-2016-5844 at NVDCVE-2016-6250 at SUSECVE-2016-6250 at NVDCVE-2016-8687 at SUSECVE-2016-8687 at NVDCVE-2016-8688 at SUSECVE-2016-8688 at NVDCVE-2016-8689 at SUSECVE-2016-8689 at NVDCVE-2017-14166 at SUSECVE-2017-14166 at NVDCVE-2017-14501 at SUSECVE-2017-14501 at NVDCVE-2017-14502 at SUSECVE-2017-14502 at NVDCVE-2017-14503 at SUSECVE-2017-14503 at NVDCVE-2017-5601 at SUSECVE-2017-5601 at NVDCVE-2018-1000877 at SUSECVE-2018-1000877 at NVDCVE-2018-1000878 at SUSECVE-2018-1000878 at NVDCVE-2018-1000879 at SUSECVE-2018-1000879 at NVDCVE-2018-1000880 at SUSECVE-2018-1000880 at NVDCVE-2019-1000019 at SUSECVE-2019-1000019 at NVDCVE-2019-1000020 at SUSECVE-2019-1000020 at NVDCVE-2019-18408 at SUSECVE-2019-18408 at NVDCVE-2019-19221 at SUSECVE-2019-19221 at NVDCVE-2021-23177 at SUSECVE-2021-23177 at NVDCVE-2021-31566 at SUSECVE-2021-31566 at NVDCVE-2021-36976 at SUSECVE-2021-36976 at NVDCVE-2022-26280 at SUSECVE-2022-26280 at NVDCVE-2022-36227 at SUSECVE-2022-36227 at NVDcpe:/o:suse:sle-micro:5.4libaudit1-3.0.6-150400.2.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libaudit1-3.0.6-150400.2.13 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:sle-micro:5.4libblkid1-2.37.2-150400.8.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libblkid1-2.37.2-150400.8.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDCVE-2021-37600 at SUSECVE-2021-37600 at NVDCVE-2021-3995 at SUSECVE-2021-3995 at NVDCVE-2021-3996 at SUSECVE-2021-3996 at NVDcpe:/o:suse:sle-micro:5.4libbluetooth3-5.62-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libbluetooth3-5.62-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9797 at SUSECVE-2016-9797 at NVDCVE-2016-9798 at SUSECVE-2016-9798 at NVDCVE-2016-9800 at SUSECVE-2016-9800 at NVDCVE-2016-9801 at SUSECVE-2016-9801 at NVDCVE-2016-9802 at SUSECVE-2016-9802 at NVDCVE-2016-9804 at SUSECVE-2016-9804 at NVDCVE-2016-9917 at SUSECVE-2016-9917 at NVDCVE-2016-9918 at SUSECVE-2016-9918 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-3588 at SUSECVE-2021-3588 at NVDCVE-2022-0204 at SUSECVE-2022-0204 at NVDCVE-2022-3563 at SUSECVE-2022-3563 at NVDcpe:/o:suse:sle-micro:5.4libbrotlicommon1-1.0.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libbrotlicommon1-1.0.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:suse:sle-micro:5.4libbsd0-0.8.7-3.3.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-20367 at SUSECVE-2019-20367 at NVDcpe:/o:suse:sle-micro:5.4libcairo-gobject2-1.16.0-150400.9.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcairo-gobject2-1.16.0-150400.9.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9082 at SUSECVE-2016-9082 at NVDCVE-2017-7475 at SUSECVE-2017-7475 at NVDCVE-2017-9814 at SUSECVE-2017-9814 at NVDcpe:/o:suse:sle-micro:5.4libcares2-1.19.0-150000.3.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcares2-1.19.0-150000.3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-5180 at SUSECVE-2016-5180 at NVDCVE-2017-1000381 at SUSECVE-2017-1000381 at NVDCVE-2020-8277 at SUSECVE-2020-8277 at NVDCVE-2021-3672 at SUSECVE-2021-3672 at NVDCVE-2022-4904 at SUSECVE-2022-4904 at NVDcpe:/o:suse:sle-micro:5.4libcolord2-1.4.5-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcolord2-1.4.5-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.4libcontainers-common-20210626-150400.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcontainers-common-20210626-150400.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20291 at SUSECVE-2021-20291 at NVDCVE-2021-3602 at SUSECVE-2021-3602 at NVDcpe:/o:suse:sle-micro:5.4libekmfweb1-2.19.0-150400.7.15.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libekmfweb1-2.19.0-150400.7.15.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-25316 at SUSECVE-2021-25316 at NVDcpe:/o:suse:sle-micro:5.4libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDcpe:/o:suse:sle-micro:5.4libexpat1-2.4.4-150400.3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libexpat1-2.4.4-150400.3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2013-0340 at SUSECVE-2013-0340 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDCVE-2018-20843 at SUSECVE-2018-20843 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDCVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDCVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDCVE-2022-40674 at SUSECVE-2022-40674 at NVDCVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:sle-micro:5.4libfreebl3-3.79.4-150400.3.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libfreebl3-3.79.4-150400.3.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-18508 at SUSECVE-2018-18508 at NVDCVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2022-1097 at SUSECVE-2022-1097 at NVDCVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDCVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:sle-micro:5.4libfreetype6-2.10.4-150000.4.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libfreetype6-2.10.4-150000.4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDCVE-2018-6942 at SUSECVE-2018-6942 at NVDCVE-2020-15999 at SUSECVE-2020-15999 at NVDCVE-2022-27404 at SUSECVE-2022-27404 at NVDCVE-2022-27405 at SUSECVE-2022-27405 at NVDCVE-2022-27406 at SUSECVE-2022-27406 at NVDcpe:/o:suse:sle-micro:5.4libfribidi0-1.0.10-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libfribidi0-1.0.10-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-18397 at SUSECVE-2019-18397 at NVDCVE-2022-25308 at SUSECVE-2022-25308 at NVDCVE-2022-25309 at SUSECVE-2022-25309 at NVDCVE-2022-25310 at SUSECVE-2022-25310 at NVDcpe:/o:suse:sle-micro:5.4libgbm1-21.2.4-150400.68.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgbm1-21.2.4-150400.68.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-5068 at SUSECVE-2019-5068 at NVDcpe:/o:suse:sle-micro:5.4libgcrypt20-1.9.4-150400.6.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgcrypt20-1.9.4-150400.6.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-5738 at SUSECVE-2015-5738 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-0379 at SUSECVE-2017-0379 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2019-12904 at SUSECVE-2019-12904 at NVDCVE-2019-13627 at SUSECVE-2019-13627 at NVDCVE-2021-3345 at SUSECVE-2021-3345 at NVDCVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:sle-micro:5.4libgmp10-6.1.2-4.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgmp10-6.1.2-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-43618 at SUSECVE-2021-43618 at NVDcpe:/o:suse:sle-micro:5.4libgraphite2-3-1.3.11-150000.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgraphite2-3-1.3.11-150000.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2018-7999 at SUSECVE-2018-7999 at NVDcpe:/o:suse:sle-micro:5.4libharfbuzz-gobject0-3.4.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libharfbuzz-gobject0-3.4.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-33068 at SUSECVE-2022-33068 at NVDcpe:/o:suse:sle-micro:5.4libhivex0-1.3.21-150400.2.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libhivex0-1.3.21-150400.2.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-3504 at SUSECVE-2021-3504 at NVDCVE-2021-3622 at SUSECVE-2021-3622 at NVDcpe:/o:suse:sle-micro:5.4libhogweed6-3.7.3-150400.2.21 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libhogweed6-3.7.3-150400.2.21 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDCVE-2018-16869 at SUSECVE-2018-16869 at NVDCVE-2021-20305 at SUSECVE-2021-20305 at NVDCVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:sle-micro:5.4libicu-suse65_1-65.1-150200.4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libicu-suse65_1-65.1-150200.4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:sle-micro:5.4libidn2-0-2.2.0-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2019-12290 at SUSECVE-2019-12290 at NVDCVE-2019-18224 at SUSECVE-2019-18224 at NVDcpe:/o:suse:sle-micro:5.4libjansson4-2.9-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-6401 at SUSECVE-2013-6401 at NVDcpe:/o:suse:sle-micro:5.4libjbig2-2.1-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjbig2-2.1-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-6369 at SUSECVE-2013-6369 at NVDcpe:/o:suse:sle-micro:5.4libjpeg8-8.2.2-150400.15.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjpeg8-8.2.2-150400.15.9 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDCVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDCVE-2018-19644 at SUSECVE-2018-19644 at NVDCVE-2018-19664 at SUSECVE-2018-19664 at NVDCVE-2018-20330 at SUSECVE-2018-20330 at NVDCVE-2019-2201 at SUSECVE-2019-2201 at NVDCVE-2020-13790 at SUSECVE-2020-13790 at NVDCVE-2020-17541 at SUSECVE-2020-17541 at NVDcpe:/o:suse:sle-micro:5.4libjson-c3-0.13-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjson-c3-0.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDCVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:sle-micro:5.4libksba8-1.3.5-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libksba8-1.3.5-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDCVE-2022-3515 at SUSECVE-2022-3515 at NVDCVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:sle-micro:5.4liblcms2-2-2.12-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblcms2-2-2.12-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16435 at SUSECVE-2018-16435 at NVDcpe:/o:suse:sle-micro:5.4libldap-2_4-2-2.4.46-150200.14.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libldap-2_4-2-2.4.46-150200.14.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-17740 at SUSECVE-2017-17740 at NVDCVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDCVE-2020-12243 at SUSECVE-2020-12243 at NVDCVE-2020-15719 at SUSECVE-2020-15719 at NVDCVE-2020-25692 at SUSECVE-2020-25692 at NVDCVE-2020-25709 at SUSECVE-2020-25709 at NVDCVE-2020-25710 at SUSECVE-2020-25710 at NVDCVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2020-8023 at SUSECVE-2020-8023 at NVDCVE-2020-8027 at SUSECVE-2020-8027 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDCVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:sle-micro:5.4libldb2-2.4.3-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libldb2-2.4.3-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-3670 at SUSECVE-2021-3670 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDcpe:/o:suse:sle-micro:5.4liblua5_3-5-5.3.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-6706 at SUSECVE-2019-6706 at NVDCVE-2020-24370 at SUSECVE-2020-24370 at NVDCVE-2020-24371 at SUSECVE-2020-24371 at NVDcpe:/o:suse:sle-micro:5.4liblz4-1-1.9.3-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblz4-1-1.9.3-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-17543 at SUSECVE-2019-17543 at NVDCVE-2021-3520 at SUSECVE-2021-3520 at NVDcpe:/o:suse:sle-micro:5.4liblzo2-2-2.10-2.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:sle-micro:5.4libmicrohttpd12-0.9.57-1.33 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libmicrohttpd12-0.9.57-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-7038 at SUSECVE-2013-7038 at NVDCVE-2013-7039 at SUSECVE-2013-7039 at NVDcpe:/o:suse:sle-micro:5.4libmpfr6-4.0.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libmpfr6-4.0.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9474 at SUSECVE-2014-9474 at NVDcpe:/o:suse:sle-micro:5.4libmspack0-0.6-3.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libmspack0-0.6-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDCVE-2018-18584 at SUSECVE-2018-18584 at NVDCVE-2018-18585 at SUSECVE-2018-18585 at NVDCVE-2018-18586 at SUSECVE-2018-18586 at NVDCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDcpe:/o:suse:sle-micro:5.4libncurses6-6.1-150000.5.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libncurses6-6.1-150000.5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19211 at SUSECVE-2018-19211 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDCVE-2021-39537 at SUSECVE-2021-39537 at NVDCVE-2022-29458 at SUSECVE-2022-29458 at NVDcpe:/o:suse:sle-micro:5.4libndp0-1.6-1.26 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libndp0-1.6-1.26 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3698 at SUSECVE-2016-3698 at NVDcpe:/o:suse:sle-micro:5.4libnewt0_52-0.52.20-5.35 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libnewt0_52-0.52.20-5.35 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-2905 at SUSECVE-2009-2905 at NVDcpe:/o:suse:sle-micro:5.4libnghttp2-14-1.40.0-6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-18802 at SUSECVE-2019-18802 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:sle-micro:5.4libonig4-6.7.0-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libonig4-6.7.0-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-13224 at SUSECVE-2019-13224 at NVDCVE-2019-16163 at SUSECVE-2019-16163 at NVDCVE-2019-19203 at SUSECVE-2019-19203 at NVDCVE-2019-19204 at SUSECVE-2019-19204 at NVDCVE-2019-19246 at SUSECVE-2019-19246 at NVDCVE-2020-26159 at SUSECVE-2020-26159 at NVDcpe:/o:suse:sle-micro:5.4libopenssl-1_1-devel-1.1.1l-150400.7.25.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libopenssl-1_1-devel-1.1.1l-150400.7.25.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2002-20001 at SUSECVE-2002-20001 at NVDCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2019-1543 at SUSECVE-2019-1543 at NVDCVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDCVE-2020-1967 at SUSECVE-2020-1967 at NVDCVE-2020-1971 at SUSECVE-2020-1971 at NVDCVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDCVE-2021-3449 at SUSECVE-2021-3449 at NVDCVE-2021-3450 at SUSECVE-2021-3450 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDCVE-2022-0778 at SUSECVE-2022-0778 at NVDCVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDCVE-2022-2097 at SUSECVE-2022-2097 at NVDCVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:sle-micro:5.4libopus0-1.3.1-150000.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libopus0-1.3.1-150000.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-0381 at SUSECVE-2017-0381 at NVDcpe:/o:suse:sle-micro:5.4libosinfo-1.7.1-150400.8.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libosinfo-1.7.1-150400.8.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-13313 at SUSECVE-2019-13313 at NVDcpe:/o:suse:sle-micro:5.4libp11-kit0-0.23.22-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libp11-kit0-0.23.22-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-29361 at SUSECVE-2020-29361 at NVDCVE-2020-29362 at SUSECVE-2020-29362 at NVDCVE-2020-29363 at SUSECVE-2020-29363 at NVDcpe:/o:suse:sle-micro:5.4libpango-1_0-0-1.50.4-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpango-1_0-0-1.50.4-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15120 at SUSECVE-2018-15120 at NVDcpe:/o:suse:sle-micro:5.4libpcap1-1.10.1-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcap1-1.10.1-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16301 at SUSECVE-2018-16301 at NVDCVE-2019-15161 at SUSECVE-2019-15161 at NVDCVE-2019-15162 at SUSECVE-2019-15162 at NVDCVE-2019-15163 at SUSECVE-2019-15163 at NVDCVE-2019-15164 at SUSECVE-2019-15164 at NVDCVE-2019-15165 at SUSECVE-2019-15165 at NVDcpe:/o:suse:sle-micro:5.4libpcre1-8.45-150000.20.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcre1-8.45-150000.20.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sle-micro:5.4libpcre2-8-0-10.39-150400.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcre2-8-0-10.39-150400.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-8786 at SUSECVE-2017-8786 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDCVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:sle-micro:5.4libpcsclite1-1.9.4-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcsclite1-1.9.4-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10109 at SUSECVE-2016-10109 at NVDcpe:/o:suse:sle-micro:5.4libpixman-1-0-0.40.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpixman-1-0-0.40.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:sle-micro:5.4libpng16-16-1.6.34-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDCVE-2016-5735 at SUSECVE-2016-5735 at NVDCVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sle-micro:5.4libpolkit0-0.116-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpolkit0-0.116-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDCVE-2018-19788 at SUSECVE-2018-19788 at NVDCVE-2019-6133 at SUSECVE-2019-6133 at NVDCVE-2021-3560 at SUSECVE-2021-3560 at NVDCVE-2021-4034 at SUSECVE-2021-4034 at NVDCVE-2021-4115 at SUSECVE-2021-4115 at NVDcpe:/o:suse:sle-micro:5.4libprocps7-3.3.15-150000.7.28.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libprocps7-3.3.15-150000.7.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:sle-micro:5.4libprotobuf-lite20-3.9.2-150200.4.19.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libprotobuf-lite20-3.9.2-150200.4.19.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-22569 at SUSECVE-2021-22569 at NVDCVE-2021-22570 at SUSECVE-2021-22570 at NVDCVE-2022-1941 at SUSECVE-2022-1941 at NVDCVE-2022-3171 at SUSECVE-2022-3171 at NVDcpe:/o:suse:sle-micro:5.4libproxy1-0.4.17-150400.1.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libproxy1-0.4.17-150400.1.8 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:sle-micro:5.4libpython3_6m1_0-3.6.15-150300.10.40.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpython3_6m1_0-3.6.15-150300.10.40.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2015-20107 at SUSECVE-2015-20107 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDCVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDCVE-2020-26116 at SUSECVE-2020-26116 at NVDCVE-2020-27619 at SUSECVE-2020-27619 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-28861 at SUSECVE-2021-28861 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDCVE-2021-3426 at SUSECVE-2021-3426 at NVDCVE-2021-3572 at SUSECVE-2021-3572 at NVDCVE-2021-3733 at SUSECVE-2021-3733 at NVDCVE-2021-3737 at SUSECVE-2021-3737 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-37454 at SUSECVE-2022-37454 at NVDCVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:sle-micro:5.4librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-16818 at SUSECVE-2017-16818 at NVDCVE-2018-10861 at SUSECVE-2018-10861 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-16889 at SUSECVE-2018-16889 at NVDCVE-2019-10222 at SUSECVE-2019-10222 at NVDCVE-2019-3821 at SUSECVE-2019-3821 at NVDCVE-2020-10736 at SUSECVE-2020-10736 at NVDCVE-2020-1759 at SUSECVE-2020-1759 at NVDCVE-2020-1760 at SUSECVE-2020-1760 at NVDCVE-2020-25660 at SUSECVE-2020-25660 at NVDCVE-2020-25678 at SUSECVE-2020-25678 at NVDCVE-2020-27781 at SUSECVE-2020-27781 at NVDCVE-2020-27839 at SUSECVE-2020-27839 at NVDCVE-2021-20288 at SUSECVE-2021-20288 at NVDCVE-2021-3509 at SUSECVE-2021-3509 at NVDCVE-2021-3524 at SUSECVE-2021-3524 at NVDCVE-2021-3531 at SUSECVE-2021-3531 at NVDCVE-2021-3979 at SUSECVE-2021-3979 at NVDcpe:/o:suse:sle-micro:5.4libseccomp2-2.5.3-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libseccomp2-2.5.3-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:sle-micro:5.4libsepol2-3.4-150400.1.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsepol2-3.4-150400.1.11 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-36085 at SUSECVE-2021-36085 at NVDCVE-2021-36086 at SUSECVE-2021-36086 at NVDCVE-2021-36087 at SUSECVE-2021-36087 at NVDcpe:/o:suse:sle-micro:5.4libslirp0-4.3.1-150300.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libslirp0-4.3.1-150300.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:sle-micro:5.4libsnmp40-5.9.3-150300.15.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsnmp40-5.9.3-150300.15.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-5621 at SUSECVE-2015-5621 at NVDCVE-2018-18065 at SUSECVE-2018-18065 at NVDCVE-2020-15862 at SUSECVE-2020-15862 at NVDCVE-2022-24805 at SUSECVE-2022-24805 at NVDCVE-2022-24806 at SUSECVE-2022-24806 at NVDCVE-2022-24807 at SUSECVE-2022-24807 at NVDCVE-2022-24808 at SUSECVE-2022-24808 at NVDCVE-2022-24809 at SUSECVE-2022-24809 at NVDCVE-2022-24810 at SUSECVE-2022-24810 at NVDCVE-2022-44792 at SUSECVE-2022-44792 at NVDCVE-2022-44793 at SUSECVE-2022-44793 at NVDcpe:/o:suse:sle-micro:5.4libsolv-tools-0.7.22-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsolv-tools-0.7.22-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sle-micro:5.4libsoup-2_4-1-2.74.2-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsoup-2_4-1-2.74.2-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-2885 at SUSECVE-2017-2885 at NVDCVE-2018-12910 at SUSECVE-2018-12910 at NVDcpe:/o:suse:sle-micro:5.4libspice-server1-0.15.0-150400.2.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libspice-server1-0.15.0-150400.2.8 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-4282 at SUSECVE-2013-4282 at NVDCVE-2015-3247 at SUSECVE-2015-3247 at NVDCVE-2015-5260 at SUSECVE-2015-5260 at NVDCVE-2015-5261 at SUSECVE-2015-5261 at NVDCVE-2016-0749 at SUSECVE-2016-0749 at NVDCVE-2016-2150 at SUSECVE-2016-2150 at NVDCVE-2016-9577 at SUSECVE-2016-9577 at NVDCVE-2016-9578 at SUSECVE-2016-9578 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDCVE-2019-3813 at SUSECVE-2019-3813 at NVDCVE-2020-14355 at SUSECVE-2020-14355 at NVDCVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:sle-micro:5.4libsqlite3-0-3.39.3-150000.3.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsqlite3-0-3.39.3-150000.3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-9936 at SUSECVE-2019-9936 at NVDCVE-2019-9937 at SUSECVE-2019-9937 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDCVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDCVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:sle-micro:5.4libssh-config-0.9.6-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libssh-config-0.9.6-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDCVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-16135 at SUSECVE-2020-16135 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDCVE-2021-3634 at SUSECVE-2021-3634 at NVDcpe:/o:suse:sle-micro:5.4libssh2-1-1.9.0-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDCVE-2019-17498 at SUSECVE-2019-17498 at NVDCVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDcpe:/o:suse:sle-micro:5.4libsss_certmap0-2.5.2-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsss_certmap0-2.5.2-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-12173 at SUSECVE-2017-12173 at NVDCVE-2018-10852 at SUSECVE-2018-10852 at NVDCVE-2018-16838 at SUSECVE-2018-16838 at NVDCVE-2019-3811 at SUSECVE-2019-3811 at NVDCVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:sle-micro:5.4libsystemd0-249.15-150400.8.22.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsystemd0-249.15-150400.8.22.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7510 at SUSECVE-2015-7510 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15687 at SUSECVE-2018-15687 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-21029 at SUSECVE-2018-21029 at NVDCVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-20386 at SUSECVE-2019-20386 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-3843 at SUSECVE-2019-3843 at NVDCVE-2019-3844 at SUSECVE-2019-3844 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2020-1712 at SUSECVE-2020-1712 at NVDCVE-2021-33910 at SUSECVE-2021-33910 at NVDCVE-2021-3997 at SUSECVE-2021-3997 at NVDCVE-2022-3821 at SUSECVE-2022-3821 at NVDCVE-2022-4415 at SUSECVE-2022-4415 at NVDcpe:/o:suse:sle-micro:5.4libtasn1-4.13-150000.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtasn1-4.13-150000.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDCVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:sle-micro:5.4libtiff5-4.0.9-150000.45.25.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtiff5-4.0.9-150000.45.25.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2012-4564 at SUSECVE-2012-4564 at NVDCVE-2013-1960 at SUSECVE-2013-1960 at NVDCVE-2013-1961 at SUSECVE-2013-1961 at NVDCVE-2013-4231 at SUSECVE-2013-4231 at NVDCVE-2013-4232 at SUSECVE-2013-4232 at NVDCVE-2013-4243 at SUSECVE-2013-4243 at NVDCVE-2013-4244 at SUSECVE-2013-4244 at NVDCVE-2014-8127 at SUSECVE-2014-8127 at NVDCVE-2014-8128 at SUSECVE-2014-8128 at NVDCVE-2014-8129 at SUSECVE-2014-8129 at NVDCVE-2014-8130 at SUSECVE-2014-8130 at NVDCVE-2014-9655 at SUSECVE-2014-9655 at NVDCVE-2015-1547 at SUSECVE-2015-1547 at NVDCVE-2015-7554 at SUSECVE-2015-7554 at NVDCVE-2015-8665 at SUSECVE-2015-8665 at NVDCVE-2015-8683 at SUSECVE-2015-8683 at NVDCVE-2015-8781 at SUSECVE-2015-8781 at NVDCVE-2015-8782 at SUSECVE-2015-8782 at NVDCVE-2015-8783 at SUSECVE-2015-8783 at NVDCVE-2016-10092 at SUSECVE-2016-10092 at NVDCVE-2016-10093 at SUSECVE-2016-10093 at NVDCVE-2016-10094 at SUSECVE-2016-10094 at NVDCVE-2016-10095 at SUSECVE-2016-10095 at NVDCVE-2016-10266 at SUSECVE-2016-10266 at NVDCVE-2016-10267 at SUSECVE-2016-10267 at NVDCVE-2016-10268 at SUSECVE-2016-10268 at NVDCVE-2016-10269 at SUSECVE-2016-10269 at NVDCVE-2016-10270 at SUSECVE-2016-10270 at NVDCVE-2016-10271 at SUSECVE-2016-10271 at NVDCVE-2016-10272 at SUSECVE-2016-10272 at NVDCVE-2016-10371 at SUSECVE-2016-10371 at NVDCVE-2016-3186 at SUSECVE-2016-3186 at NVDCVE-2016-3622 at SUSECVE-2016-3622 at NVDCVE-2016-3623 at SUSECVE-2016-3623 at NVDCVE-2016-3658 at SUSECVE-2016-3658 at NVDCVE-2016-3945 at SUSECVE-2016-3945 at NVDCVE-2016-3990 at SUSECVE-2016-3990 at NVDCVE-2016-3991 at SUSECVE-2016-3991 at NVDCVE-2016-5314 at SUSECVE-2016-5314 at NVDCVE-2016-5316 at SUSECVE-2016-5316 at NVDCVE-2016-5317 at SUSECVE-2016-5317 at NVDCVE-2016-5318 at SUSECVE-2016-5318 at NVDCVE-2016-5320 at SUSECVE-2016-5320 at NVDCVE-2016-5321 at SUSECVE-2016-5321 at NVDCVE-2016-5323 at SUSECVE-2016-5323 at NVDCVE-2016-5652 at SUSECVE-2016-5652 at NVDCVE-2016-5875 at SUSECVE-2016-5875 at NVDCVE-2016-6223 at SUSECVE-2016-6223 at NVDCVE-2016-9273 at SUSECVE-2016-9273 at NVDCVE-2016-9297 at SUSECVE-2016-9297 at NVDCVE-2016-9448 at SUSECVE-2016-9448 at NVDCVE-2016-9453 at SUSECVE-2016-9453 at NVDCVE-2016-9538 at SUSECVE-2016-9538 at NVDCVE-2017-11613 at SUSECVE-2017-11613 at NVDCVE-2017-12944 at SUSECVE-2017-12944 at NVDCVE-2017-16232 at SUSECVE-2017-16232 at NVDCVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2017-18013 at SUSECVE-2017-18013 at NVDCVE-2017-5225 at SUSECVE-2017-5225 at NVDCVE-2017-7592 at SUSECVE-2017-7592 at NVDCVE-2017-7593 at SUSECVE-2017-7593 at NVDCVE-2017-7594 at SUSECVE-2017-7594 at NVDCVE-2017-7595 at SUSECVE-2017-7595 at NVDCVE-2017-7596 at SUSECVE-2017-7596 at NVDCVE-2017-7597 at SUSECVE-2017-7597 at NVDCVE-2017-7598 at SUSECVE-2017-7598 at NVDCVE-2017-7599 at SUSECVE-2017-7599 at NVDCVE-2017-7600 at SUSECVE-2017-7600 at NVDCVE-2017-7601 at SUSECVE-2017-7601 at NVDCVE-2017-7602 at SUSECVE-2017-7602 at NVDCVE-2017-9403 at SUSECVE-2017-9403 at NVDCVE-2017-9404 at SUSECVE-2017-9404 at NVDCVE-2017-9935 at SUSECVE-2017-9935 at NVDCVE-2017-9936 at SUSECVE-2017-9936 at NVDCVE-2018-10779 at SUSECVE-2018-10779 at NVDCVE-2018-10963 at SUSECVE-2018-10963 at NVDCVE-2018-12900 at SUSECVE-2018-12900 at NVDCVE-2018-16335 at SUSECVE-2018-16335 at NVDCVE-2018-17000 at SUSECVE-2018-17000 at NVDCVE-2018-17100 at SUSECVE-2018-17100 at NVDCVE-2018-17101 at SUSECVE-2018-17101 at NVDCVE-2018-17795 at SUSECVE-2018-17795 at NVDCVE-2018-18557 at SUSECVE-2018-18557 at NVDCVE-2018-18661 at SUSECVE-2018-18661 at NVDCVE-2018-19210 at SUSECVE-2018-19210 at NVDCVE-2018-5784 at SUSECVE-2018-5784 at NVDCVE-2018-7456 at SUSECVE-2018-7456 at NVDCVE-2018-8905 at SUSECVE-2018-8905 at NVDCVE-2019-14973 at SUSECVE-2019-14973 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2019-6128 at SUSECVE-2019-6128 at NVDCVE-2019-7663 at SUSECVE-2019-7663 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-0562 at SUSECVE-2022-0562 at NVDCVE-2022-0865 at SUSECVE-2022-0865 at NVDCVE-2022-0891 at SUSECVE-2022-0891 at NVDCVE-2022-0908 at SUSECVE-2022-0908 at NVDCVE-2022-0909 at SUSECVE-2022-0909 at NVDCVE-2022-0924 at SUSECVE-2022-0924 at NVDCVE-2022-1056 at SUSECVE-2022-1056 at NVDCVE-2022-2056 at SUSECVE-2022-2056 at NVDCVE-2022-2057 at SUSECVE-2022-2057 at NVDCVE-2022-2058 at SUSECVE-2022-2058 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDCVE-2022-3570 at SUSECVE-2022-3570 at NVDCVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3598 at SUSECVE-2022-3598 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDCVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:sle-micro:5.4libtirpc-netconfig-1.2.6-150300.3.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtirpc-netconfig-1.2.6-150300.3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:sle-micro:5.4libtpms0-0.8.2-150300.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtpms0-0.8.2-150300.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-3446 at SUSECVE-2021-3446 at NVDCVE-2021-3505 at SUSECVE-2021-3505 at NVDCVE-2021-3623 at SUSECVE-2021-3623 at NVDCVE-2021-3746 at SUSECVE-2021-3746 at NVDcpe:/o:suse:sle-micro:5.4libtss2-esys0-3.1.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtss2-esys0-3.1.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-24455 at SUSECVE-2020-24455 at NVDCVE-2023-22745 at SUSECVE-2023-22745 at NVDcpe:/o:suse:sle-micro:5.4libudisks2-0-2.9.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libudisks2-0-2.9.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-17336 at SUSECVE-2018-17336 at NVDCVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:sle-micro:5.4libunwind-1.5.0-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:sle-micro:5.4libvirglrenderer1-0.9.1-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvirglrenderer1-0.9.1-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10214 at SUSECVE-2016-10214 at NVDCVE-2017-5937 at SUSECVE-2017-5937 at NVDCVE-2017-5957 at SUSECVE-2017-5957 at NVDCVE-2017-5993 at SUSECVE-2017-5993 at NVDCVE-2017-5994 at SUSECVE-2017-5994 at NVDCVE-2017-6386 at SUSECVE-2017-6386 at NVDCVE-2019-18388 at SUSECVE-2019-18388 at NVDCVE-2019-18389 at SUSECVE-2019-18389 at NVDCVE-2019-18390 at SUSECVE-2019-18390 at NVDCVE-2019-18391 at SUSECVE-2019-18391 at NVDCVE-2019-18392 at SUSECVE-2019-18392 at NVDCVE-2020-8002 at SUSECVE-2020-8002 at NVDCVE-2020-8003 at SUSECVE-2020-8003 at NVDCVE-2022-0135 at SUSECVE-2022-0135 at NVDCVE-2022-0175 at SUSECVE-2022-0175 at NVDcpe:/o:suse:sle-micro:5.4libvirt-client-8.0.0-150400.7.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvirt-client-8.0.0-150400.7.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDCVE-2019-10132 at SUSECVE-2019-10132 at NVDCVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDCVE-2019-10168 at SUSECVE-2019-10168 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDCVE-2020-10701 at SUSECVE-2020-10701 at NVDCVE-2020-12430 at SUSECVE-2020-12430 at NVDCVE-2020-14339 at SUSECVE-2020-14339 at NVDCVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDCVE-2021-3631 at SUSECVE-2021-3631 at NVDCVE-2021-3667 at SUSECVE-2021-3667 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDCVE-2022-0897 at SUSECVE-2022-0897 at NVDcpe:/o:suse:sle-micro:5.4libvmtools0-12.1.0-150300.21.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvmtools0-12.1.0-150300.21.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDCVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:sle-micro:5.4libvorbis0-1.3.6-150000.4.5.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvorbis0-1.3.6-150000.4.5.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-14160 at SUSECVE-2017-14160 at NVDCVE-2017-14632 at SUSECVE-2017-14632 at NVDCVE-2017-14633 at SUSECVE-2017-14633 at NVDCVE-2018-10392 at SUSECVE-2018-10392 at NVDCVE-2018-10393 at SUSECVE-2018-10393 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDcpe:/o:suse:sle-micro:5.4libxkbcommon0-1.3.0-150400.1.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libxkbcommon0-1.3.0-150400.1.13 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15853 at SUSECVE-2018-15853 at NVDCVE-2018-15854 at SUSECVE-2018-15854 at NVDCVE-2018-15855 at SUSECVE-2018-15855 at NVDCVE-2018-15856 at SUSECVE-2018-15856 at NVDCVE-2018-15857 at SUSECVE-2018-15857 at NVDCVE-2018-15858 at SUSECVE-2018-15858 at NVDCVE-2018-15859 at SUSECVE-2018-15859 at NVDCVE-2018-15861 at SUSECVE-2018-15861 at NVDCVE-2018-15862 at SUSECVE-2018-15862 at NVDCVE-2018-15863 at SUSECVE-2018-15863 at NVDCVE-2018-15864 at SUSECVE-2018-15864 at NVDcpe:/o:suse:sle-micro:5.4libxml2-2-2.9.14-150400.5.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libxml2-2-2.9.14-150400.5.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDCVE-2019-19956 at SUSECVE-2019-19956 at NVDCVE-2019-20388 at SUSECVE-2019-20388 at NVDCVE-2020-24977 at SUSECVE-2020-24977 at NVDCVE-2020-7595 at SUSECVE-2020-7595 at NVDCVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDCVE-2021-3541 at SUSECVE-2021-3541 at NVDCVE-2022-23308 at SUSECVE-2022-23308 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:sle-micro:5.4libxslt1-1.1.34-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libxslt1-1.1.34-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDCVE-2019-18197 at SUSECVE-2019-18197 at NVDCVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:sle-micro:5.4libyajl2-2.1.0-150000.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libyajl2-2.1.0-150000.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-24795 at SUSECVE-2022-24795 at NVDcpe:/o:suse:sle-micro:5.4libyaml-cpp0_6-0.6.3-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libyaml-cpp0_6-0.6.3-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-5950 at SUSECVE-2017-5950 at NVDCVE-2018-20573 at SUSECVE-2018-20573 at NVDCVE-2018-20574 at SUSECVE-2018-20574 at NVDCVE-2019-6285 at SUSECVE-2019-6285 at NVDCVE-2019-6292 at SUSECVE-2019-6292 at NVDcpe:/o:suse:sle-micro:5.4libz1-1.2.11-150000.3.39.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libz1-1.2.11-150000.3.39.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2018-25032 at SUSECVE-2018-25032 at NVDCVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:sle-micro:5.4libzmq5-4.2.3-3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-7202 at SUSECVE-2014-7202 at NVDCVE-2014-7203 at SUSECVE-2014-7203 at NVDCVE-2014-9721 at SUSECVE-2014-9721 at NVDCVE-2019-13132 at SUSECVE-2019-13132 at NVDCVE-2019-6250 at SUSECVE-2019-6250 at NVDCVE-2020-15166 at SUSECVE-2020-15166 at NVDcpe:/o:suse:sle-micro:5.4libzstd1-1.5.0-150400.1.71 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libzstd1-1.5.0-150400.1.71 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-11922 at SUSECVE-2019-11922 at NVDcpe:/o:suse:sle-micro:5.4libzypp-17.31.2-150400.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libzypp-17.31.2-150400.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2017-9271 at SUSECVE-2017-9271 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDCVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:sle-micro:5.4login_defs-4.8.1-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the login_defs-4.8.1-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:sle-micro:5.4logrotate-3.18.1-150400.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the logrotate-3.18.1-150400.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-3864 at SUSECVE-2021-3864 at NVDCVE-2022-1348 at SUSECVE-2022-1348 at NVDcpe:/o:suse:sle-micro:5.4mozilla-nspr-4.34.1-150000.3.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the mozilla-nspr-4.34.1-150000.3.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:sle-micro:5.4nfs-client-2.1.1-150100.10.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the nfs-client-2.1.1-150100.10.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:sle-micro:5.4opensc-0.22.0-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the opensc-0.22.0-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16391 at SUSECVE-2018-16391 at NVDCVE-2018-16392 at SUSECVE-2018-16392 at NVDCVE-2018-16393 at SUSECVE-2018-16393 at NVDCVE-2018-16418 at SUSECVE-2018-16418 at NVDCVE-2018-16419 at SUSECVE-2018-16419 at NVDCVE-2018-16420 at SUSECVE-2018-16420 at NVDCVE-2018-16421 at SUSECVE-2018-16421 at NVDCVE-2018-16422 at SUSECVE-2018-16422 at NVDCVE-2018-16423 at SUSECVE-2018-16423 at NVDCVE-2018-16424 at SUSECVE-2018-16424 at NVDCVE-2018-16425 at SUSECVE-2018-16425 at NVDCVE-2018-16426 at SUSECVE-2018-16426 at NVDCVE-2018-16427 at SUSECVE-2018-16427 at NVDCVE-2019-15945 at SUSECVE-2019-15945 at NVDCVE-2019-15946 at SUSECVE-2019-15946 at NVDCVE-2019-19479 at SUSECVE-2019-19479 at NVDCVE-2019-19480 at SUSECVE-2019-19480 at NVDCVE-2019-20792 at SUSECVE-2019-20792 at NVDCVE-2019-6502 at SUSECVE-2019-6502 at NVDCVE-2020-26570 at SUSECVE-2020-26570 at NVDCVE-2020-26571 at SUSECVE-2020-26571 at NVDCVE-2020-26572 at SUSECVE-2020-26572 at NVDCVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:sle-micro:5.4openslp-2.0.0-6.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:sle-micro:5.4openssh-8.4p1-150300.3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the openssh-8.4p1-150300.3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDCVE-2021-28041 at SUSECVE-2021-28041 at NVDCVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:sle-micro:5.4openssl-1.1.1l-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the openssl-1.1.1l-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:sle-micro:5.4pam-1.3.0-150000.6.61.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the pam-1.3.0-150000.6.61.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDCVE-2018-17953 at SUSECVE-2018-17953 at NVDcpe:/o:suse:sle-micro:5.4pam_u2f-1.2.0-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the pam_u2f-1.2.0-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-12209 at SUSECVE-2019-12209 at NVDCVE-2019-12210 at SUSECVE-2019-12210 at NVDCVE-2021-31924 at SUSECVE-2021-31924 at NVDcpe:/o:suse:sle-micro:5.4perl-5.26.1-150300.17.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the perl-5.26.1-150300.17.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2017-6512 at SUSECVE-2017-6512 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-18311 at SUSECVE-2018-18311 at NVDCVE-2018-18312 at SUSECVE-2018-18312 at NVDCVE-2018-18313 at SUSECVE-2018-18313 at NVDCVE-2018-18314 at SUSECVE-2018-18314 at NVDCVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDcpe:/o:suse:sle-micro:5.4perl-ExtUtils-MakeMaker-7.62-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the perl-ExtUtils-MakeMaker-7.62-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1238 at SUSECVE-2016-1238 at NVDcpe:/o:suse:sle-micro:5.4permissions-20201225-150400.5.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the permissions-20201225-150400.5.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-3687 at SUSECVE-2019-3687 at NVDCVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDCVE-2020-8013 at SUSECVE-2020-8013 at NVDCVE-2020-8025 at SUSECVE-2020-8025 at NVDCVE-2022-31252 at SUSECVE-2022-31252 at NVDcpe:/o:suse:sle-micro:5.4podman-4.3.1-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the podman-4.3.1-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-10856 at SUSECVE-2018-10856 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-1726 at SUSECVE-2020-1726 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-1227 at SUSECVE-2022-1227 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-27649 at SUSECVE-2022-27649 at NVDCVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:sle-micro:5.4policycoreutils-3.4-150400.1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the policycoreutils-3.4-150400.1.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:sle-micro:5.4powerpc-utils-1.3.10-150400.19.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the powerpc-utils-1.3.10-150400.19.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:sle-micro:5.4ppp-2.4.7-150000.5.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the ppp-2.4.7-150000.5.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3310 at SUSECVE-2015-3310 at NVDCVE-2020-8597 at SUSECVE-2020-8597 at NVDcpe:/o:suse:sle-micro:5.4procmail-3.22-2.34 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3618 at SUSECVE-2014-3618 at NVDCVE-2017-16844 at SUSECVE-2017-16844 at NVDcpe:/o:suse:sle-micro:5.4python3-Babel-2.8.0-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-Babel-2.8.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:sle-micro:5.4python3-Jinja2-2.10.1-3.10.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:sle-micro:5.4python3-M2Crypto-0.38.0-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-M2Crypto-0.38.0-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.4python3-PyYAML-5.4.1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-18342 at SUSECVE-2017-18342 at NVDCVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:sle-micro:5.4python3-certifi-2018.1.18-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-certifi-2018.1.18-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-23491 at SUSECVE-2022-23491 at NVDcpe:/o:suse:sle-micro:5.4python3-cryptography-3.3.2-150400.16.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-cryptography-3.3.2-150400.16.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:sle-micro:5.4python3-future-0.18.2-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-future-0.18.2-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-40899 at SUSECVE-2022-40899 at NVDcpe:/o:suse:sle-micro:5.4python3-lxml-4.7.1-150200.3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-lxml-4.7.1-150200.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19787 at SUSECVE-2018-19787 at NVDCVE-2020-27783 at SUSECVE-2020-27783 at NVDCVE-2021-28957 at SUSECVE-2021-28957 at NVDCVE-2021-43818 at SUSECVE-2021-43818 at NVDCVE-2022-2309 at SUSECVE-2022-2309 at NVDcpe:/o:suse:sle-micro:5.4python3-py-1.10.0-150100.5.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-py-1.10.0-150100.5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-29651 at SUSECVE-2020-29651 at NVDCVE-2022-42969 at SUSECVE-2022-42969 at NVDcpe:/o:suse:sle-micro:5.4python3-requests-2.24.0-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:sle-micro:5.4python3-rsa-3.4.2-150000.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-rsa-3.4.2-150000.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-13757 at SUSECVE-2020-13757 at NVDCVE-2020-25658 at SUSECVE-2020-25658 at NVDcpe:/o:suse:sle-micro:5.4python3-salt-3004-150400.8.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-salt-3004-150400.8.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1866 at SUSECVE-2016-1866 at NVDCVE-2016-9639 at SUSECVE-2016-9639 at NVDCVE-2017-12791 at SUSECVE-2017-12791 at NVDCVE-2017-14695 at SUSECVE-2017-14695 at NVDCVE-2017-14696 at SUSECVE-2017-14696 at NVDCVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2019-17361 at SUSECVE-2019-17361 at NVDCVE-2019-18897 at SUSECVE-2019-18897 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-16846 at SUSECVE-2020-16846 at NVDCVE-2020-17490 at SUSECVE-2020-17490 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2020-28243 at SUSECVE-2020-28243 at NVDCVE-2020-28972 at SUSECVE-2020-28972 at NVDCVE-2020-35662 at SUSECVE-2020-35662 at NVDCVE-2021-21996 at SUSECVE-2021-21996 at NVDCVE-2021-25281 at SUSECVE-2021-25281 at NVDCVE-2021-25282 at SUSECVE-2021-25282 at NVDCVE-2021-25283 at SUSECVE-2021-25283 at NVDCVE-2021-25284 at SUSECVE-2021-25284 at NVDCVE-2021-25315 at SUSECVE-2021-25315 at NVDCVE-2021-3144 at SUSECVE-2021-3144 at NVDCVE-2021-3148 at SUSECVE-2021-3148 at NVDCVE-2021-31607 at SUSECVE-2021-31607 at NVDCVE-2021-3197 at SUSECVE-2021-3197 at NVDCVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDCVE-2022-22967 at SUSECVE-2022-22967 at NVDcpe:/o:suse:sle-micro:5.4python3-setuptools-44.1.1-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-setuptools-44.1.1-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.4python3-urllib3-1.25.10-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9015 at SUSECVE-2016-9015 at NVDCVE-2018-20060 at SUSECVE-2018-20060 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:sle-micro:5.4qemu-6.2.0-150400.37.8.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the qemu-6.2.0-150400.37.8.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13673 at SUSECVE-2017-13673 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15118 at SUSECVE-2017-15118 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-20123 at SUSECVE-2018-20123 at NVDCVE-2018-20124 at SUSECVE-2018-20124 at NVDCVE-2018-20125 at SUSECVE-2018-20125 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2018-20191 at SUSECVE-2018-20191 at NVDCVE-2018-20216 at SUSECVE-2018-20216 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDCVE-2018-7858 at SUSECVE-2018-7858 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-5008 at SUSECVE-2019-5008 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDCVE-2020-10702 at SUSECVE-2020-10702 at NVDCVE-2020-10717 at SUSECVE-2020-10717 at NVDCVE-2020-10761 at SUSECVE-2020-10761 at NVDCVE-2020-11102 at SUSECVE-2020-11102 at NVDCVE-2020-11869 at SUSECVE-2020-11869 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13800 at SUSECVE-2020-13800 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-17380 at SUSECVE-2020-17380 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-24352 at SUSECVE-2020-24352 at NVDCVE-2020-25085 at SUSECVE-2020-25085 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27821 at SUSECVE-2020-27821 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-20263 at SUSECVE-2021-20263 at NVDCVE-2021-3409 at SUSECVE-2021-3409 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3544 at SUSECVE-2021-3544 at NVDCVE-2021-3545 at SUSECVE-2021-3545 at NVDCVE-2021-3546 at SUSECVE-2021-3546 at NVDCVE-2021-3582 at SUSECVE-2021-3582 at NVDCVE-2021-3607 at SUSECVE-2021-3607 at NVDCVE-2021-3608 at SUSECVE-2021-3608 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDCVE-2021-3929 at SUSECVE-2021-3929 at NVDCVE-2021-4158 at SUSECVE-2021-4158 at NVDCVE-2021-4206 at SUSECVE-2021-4206 at NVDCVE-2021-4207 at SUSECVE-2021-4207 at NVDCVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-0358 at SUSECVE-2022-0358 at NVDCVE-2022-26353 at SUSECVE-2022-26353 at NVDCVE-2022-26354 at SUSECVE-2022-26354 at NVDCVE-2022-35414 at SUSECVE-2022-35414 at NVDcpe:/o:suse:sle-micro:5.4qemu-ovmf-x86_64-202202-150400.5.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the qemu-ovmf-x86_64-202202-150400.5.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-5731 at SUSECVE-2017-5731 at NVDCVE-2017-5732 at SUSECVE-2017-5732 at NVDCVE-2017-5733 at SUSECVE-2017-5733 at NVDCVE-2017-5734 at SUSECVE-2017-5734 at NVDCVE-2017-5735 at SUSECVE-2017-5735 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2018-12178 at SUSECVE-2018-12178 at NVDCVE-2018-12180 at SUSECVE-2018-12180 at NVDCVE-2018-12181 at SUSECVE-2018-12181 at NVDCVE-2018-3613 at SUSECVE-2018-3613 at NVDCVE-2018-3630 at SUSECVE-2018-3630 at NVDCVE-2019-0160 at SUSECVE-2019-0160 at NVDCVE-2019-0161 at SUSECVE-2019-0161 at NVDCVE-2019-14553 at SUSECVE-2019-14553 at NVDCVE-2019-14558 at SUSECVE-2019-14558 at NVDCVE-2019-14559 at SUSECVE-2019-14559 at NVDCVE-2019-14562 at SUSECVE-2019-14562 at NVDCVE-2019-14563 at SUSECVE-2019-14563 at NVDCVE-2019-14575 at SUSECVE-2019-14575 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDCVE-2019-14586 at SUSECVE-2019-14586 at NVDCVE-2019-14587 at SUSECVE-2019-14587 at NVDCVE-2021-28210 at SUSECVE-2021-28210 at NVDCVE-2021-28211 at SUSECVE-2021-28211 at NVDcpe:/o:suse:sle-micro:5.4rpcbind-0.2.3-5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:sle-micro:5.4rpm-4.14.3-150300.52.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the rpm-4.14.3-150300.52.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2021-20266 at SUSECVE-2021-20266 at NVDCVE-2021-20271 at SUSECVE-2021-20271 at NVDCVE-2021-3421 at SUSECVE-2021-3421 at NVDcpe:/o:suse:sle-micro:5.4rsync-3.2.3-150400.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the rsync-3.2.3-150400.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDCVE-2020-14387 at SUSECVE-2020-14387 at NVDCVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:sle-micro:5.4runc-1.1.4-150000.36.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the runc-1.1.4-150000.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2021-30465 at SUSECVE-2021-30465 at NVDCVE-2021-43784 at SUSECVE-2021-43784 at NVDCVE-2022-29162 at SUSECVE-2022-29162 at NVDcpe:/o:suse:sle-micro:5.4samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8143 at SUSECVE-2014-8143 at NVDCVE-2015-0240 at SUSECVE-2015-0240 at NVDCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5252 at SUSECVE-2015-5252 at NVDCVE-2015-5296 at SUSECVE-2015-5296 at NVDCVE-2015-5299 at SUSECVE-2015-5299 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2015-5370 at SUSECVE-2015-5370 at NVDCVE-2015-7560 at SUSECVE-2015-7560 at NVDCVE-2015-8467 at SUSECVE-2015-8467 at NVDCVE-2015-8543 at SUSECVE-2015-8543 at NVDCVE-2016-0771 at SUSECVE-2016-0771 at NVDCVE-2016-2110 at SUSECVE-2016-2110 at NVDCVE-2016-2111 at SUSECVE-2016-2111 at NVDCVE-2016-2112 at SUSECVE-2016-2112 at NVDCVE-2016-2113 at SUSECVE-2016-2113 at NVDCVE-2016-2115 at SUSECVE-2016-2115 at NVDCVE-2016-2118 at SUSECVE-2016-2118 at NVDCVE-2016-2119 at SUSECVE-2016-2119 at NVDCVE-2016-2123 at SUSECVE-2016-2123 at NVDCVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2016-2125 at SUSECVE-2016-2125 at NVDCVE-2016-2126 at SUSECVE-2016-2126 at NVDCVE-2017-11103 at SUSECVE-2017-11103 at NVDCVE-2017-12150 at SUSECVE-2017-12150 at NVDCVE-2017-12151 at SUSECVE-2017-12151 at NVDCVE-2017-12163 at SUSECVE-2017-12163 at NVDCVE-2017-14746 at SUSECVE-2017-14746 at NVDCVE-2017-15275 at SUSECVE-2017-15275 at NVDCVE-2017-2619 at SUSECVE-2017-2619 at NVDCVE-2017-7494 at SUSECVE-2017-7494 at NVDCVE-2018-1050 at SUSECVE-2018-1050 at NVDCVE-2018-1057 at SUSECVE-2018-1057 at NVDCVE-2018-10858 at SUSECVE-2018-10858 at NVDCVE-2018-10918 at SUSECVE-2018-10918 at NVDCVE-2018-10919 at SUSECVE-2018-10919 at NVDCVE-2018-1139 at SUSECVE-2018-1139 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2018-14629 at SUSECVE-2018-14629 at NVDCVE-2018-16841 at SUSECVE-2018-16841 at NVDCVE-2018-16851 at SUSECVE-2018-16851 at NVDCVE-2018-16852 at SUSECVE-2018-16852 at NVDCVE-2018-16853 at SUSECVE-2018-16853 at NVDCVE-2018-16857 at SUSECVE-2018-16857 at NVDCVE-2018-16860 at SUSECVE-2018-16860 at NVDCVE-2019-10197 at SUSECVE-2019-10197 at NVDCVE-2019-10218 at SUSECVE-2019-10218 at NVDCVE-2019-12435 at SUSECVE-2019-12435 at NVDCVE-2019-12436 at SUSECVE-2019-12436 at NVDCVE-2019-14833 at SUSECVE-2019-14833 at NVDCVE-2019-14847 at SUSECVE-2019-14847 at NVDCVE-2019-14861 at SUSECVE-2019-14861 at NVDCVE-2019-14870 at SUSECVE-2019-14870 at NVDCVE-2019-14902 at SUSECVE-2019-14902 at NVDCVE-2019-14907 at SUSECVE-2019-14907 at NVDCVE-2019-19344 at SUSECVE-2019-19344 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2019-3870 at SUSECVE-2019-3870 at NVDCVE-2019-3880 at SUSECVE-2019-3880 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10704 at SUSECVE-2020-10704 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-10745 at SUSECVE-2020-10745 at NVDCVE-2020-10760 at SUSECVE-2020-10760 at NVDCVE-2020-14303 at SUSECVE-2020-14303 at NVDCVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDCVE-2020-1472 at SUSECVE-2020-1472 at NVDCVE-2020-17049 at SUSECVE-2020-17049 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDCVE-2020-25718 at SUSECVE-2020-25718 at NVDCVE-2020-25719 at SUSECVE-2020-25719 at NVDCVE-2020-25721 at SUSECVE-2020-25721 at NVDCVE-2020-25722 at SUSECVE-2020-25722 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2021-20254 at SUSECVE-2021-20254 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-23192 at SUSECVE-2021-23192 at NVDCVE-2021-3738 at SUSECVE-2021-3738 at NVDCVE-2021-44141 at SUSECVE-2021-44141 at NVDCVE-2021-44142 at SUSECVE-2021-44142 at NVDCVE-2022-0336 at SUSECVE-2022-0336 at NVDCVE-2022-1615 at SUSECVE-2022-1615 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32743 at SUSECVE-2022-32743 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2022-3437 at SUSECVE-2022-3437 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-37967 at SUSECVE-2022-37967 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sle-micro:5.4shim-15.4-4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDcpe:/o:suse:sle-micro:5.4slirp4netns-0.4.7-3.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the slirp4netns-0.4.7-3.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:sle-micro:5.4socat-1.7.3.2-4.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the socat-1.7.3.2-4.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-3571 at SUSECVE-2013-3571 at NVDCVE-2014-0019 at SUSECVE-2014-0019 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:sle-micro:5.4squashfs-4.4-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDcpe:/o:suse:sle-micro:5.4sudo-1.9.9-150400.4.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the sudo-1.9.9-150400.4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDCVE-2019-14287 at SUSECVE-2019-14287 at NVDCVE-2019-18634 at SUSECVE-2019-18634 at NVDCVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDCVE-2022-43995 at SUSECVE-2022-43995 at NVDCVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:sle-micro:5.4supportutils-3.1.21-150300.7.35.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the supportutils-3.1.21-150300.7.35.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:sle-micro:5.4swtpm-0.5.3-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the swtpm-0.5.3-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-28407 at SUSECVE-2020-28407 at NVDCVE-2022-23645 at SUSECVE-2022-23645 at NVDcpe:/o:suse:sle-micro:5.4sysstat-12.0.2-3.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the sysstat-12.0.2-3.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19416 at SUSECVE-2018-19416 at NVDCVE-2018-19517 at SUSECVE-2018-19517 at NVDCVE-2019-16167 at SUSECVE-2019-16167 at NVDCVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:sle-micro:5.4tar-1.34-150000.3.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the tar-1.34-150000.3.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-6321 at SUSECVE-2016-6321 at NVDCVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDCVE-2022-48303 at SUSECVE-2022-48303 at NVDcpe:/o:suse:sle-micro:5.4tpm2.0-tools-5.2-150400.4.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the tpm2.0-tools-5.2-150400.4.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7524 at SUSECVE-2017-7524 at NVDCVE-2021-3565 at SUSECVE-2021-3565 at NVDcpe:/o:suse:sle-micro:5.4trousers-0.3.15-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the trousers-0.3.15-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-18898 at SUSECVE-2019-18898 at NVDCVE-2020-24330 at SUSECVE-2020-24330 at NVDCVE-2020-24331 at SUSECVE-2020-24331 at NVDCVE-2020-24332 at SUSECVE-2020-24332 at NVDcpe:/o:suse:sle-micro:5.4u-boot-rpiarm64-2021.10-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the u-boot-rpiarm64-2021.10-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-18439 at SUSECVE-2018-18439 at NVDCVE-2018-18440 at SUSECVE-2018-18440 at NVDCVE-2020-10648 at SUSECVE-2020-10648 at NVDCVE-2020-8432 at SUSECVE-2020-8432 at NVDCVE-2022-30552 at SUSECVE-2022-30552 at NVDCVE-2022-30767 at SUSECVE-2022-30767 at NVDCVE-2022-30790 at SUSECVE-2022-30790 at NVDCVE-2022-33103 at SUSECVE-2022-33103 at NVDCVE-2022-33967 at SUSECVE-2022-33967 at NVDCVE-2022-34835 at SUSECVE-2022-34835 at NVDcpe:/o:suse:sle-micro:5.4ucode-intel-20230214-150200.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the ucode-intel-20230214-150200.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDCVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDCVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDCVE-2022-21151 at SUSECVE-2022-21151 at NVDCVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-21233 at SUSECVE-2022-21233 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:sle-micro:5.4update-alternatives-1.19.0.4-150000.4.4.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the update-alternatives-1.19.0.4-150000.4.4.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:sle-micro:5.4vim-data-common-9.0.1234-150000.5.34.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the vim-data-common-9.0.1234-150000.5.34.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2017-1000382 at SUSECVE-2017-1000382 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2019-12735 at SUSECVE-2019-12735 at NVDCVE-2019-20807 at SUSECVE-2019-20807 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDCVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:sle-micro:5.4virt-install-4.0.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the virt-install-4.0.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-10183 at SUSECVE-2019-10183 at NVDcpe:/o:suse:sle-micro:5.4wicked-0.6.70-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the wicked-0.6.70-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:sle-micro:5.4wpa_supplicant-2.9-150000.4.36.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the wpa_supplicant-2.9-150000.4.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-4144 at SUSECVE-2015-4144 at NVDCVE-2015-4145 at SUSECVE-2015-4145 at NVDCVE-2015-4146 at SUSECVE-2015-4146 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-5315 at SUSECVE-2015-5315 at NVDCVE-2015-5316 at SUSECVE-2015-5316 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2016-4476 at SUSECVE-2016-4476 at NVDCVE-2016-4477 at SUSECVE-2016-4477 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDCVE-2021-27803 at SUSECVE-2021-27803 at NVDCVE-2021-30004 at SUSECVE-2021-30004 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:sle-micro:5.4xen-libs-4.16.3_02-150400.4.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the xen-libs-4.16.3_02-150400.4.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15468 at SUSECVE-2018-15468 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5244 at SUSECVE-2018-5244 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-17349 at SUSECVE-2019-17349 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25598 at SUSECVE-2020-25598 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDCVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDCVE-2020-29040 at SUSECVE-2020-29040 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29567 at SUSECVE-2020-29567 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDCVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2021-28687 at SUSECVE-2021-28687 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28693 at SUSECVE-2021-28693 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-28700 at SUSECVE-2021-28700 at NVDCVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23033 at SUSECVE-2022-23033 at NVDCVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23824 at SUSECVE-2022-23824 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33747 at SUSECVE-2022-33747 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDCVE-2022-42327 at SUSECVE-2022-42327 at NVDcpe:/o:suse:sle-micro:5.4zypper-1.14.57-150400.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the zypper-1.14.57-150400.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:sle-micro:5.4Security update for ceph (Important)SUSE Linux Enterprise Micro 5.4
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837).
- CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430).
- CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025).
Bug fixes:
- osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183).
- ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262).
- cephadm: update monitoring container images (bsc#1200501).
- mgr/dashboard: prevent alert redirect (bsc#1200978).
- mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797).
- monitoring/ceph-mixin: add RGW host to label info (bsc#1201976).
- mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077).
- python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375).
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436).
- ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292).
- cephfs-shell: move source to separate subdirectory (bsc#1201604).
Fix in previous release:
- mgr/cephadm: try to get FQDN for configuration files (bsc#1196046).
- When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748).
- OSD marked down causes wrong backfill_toofull (bsc#1188911).
- cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838).
- mgr/cephadm: fix and improve osd draining (bsc#1200317).
- add iscsi and nfs to upgrade process (bsc#1206158).
- mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840).
ImportantSUSE bug 1187748SUSE bug 1188911SUSE bug 1192838SUSE bug 1192840SUSE bug 1196046SUSE bug 1199183SUSE bug 1200262SUSE bug 1200317SUSE bug 1200501SUSE bug 1200978SUSE bug 1201604SUSE bug 1201797SUSE bug 1201837SUSE bug 1201976SUSE bug 1202077SUSE bug 1202292SUSE bug 1203375SUSE bug 1204430SUSE bug 1205025SUSE bug 1205436SUSE bug 1206158CVE-2022-0670 at SUSECVE-2022-0670 at NVDCVE-2022-3650 at SUSECVE-2022-3650 at NVDCVE-2022-3854 at SUSECVE-2022-3854 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
- CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed misinterpretation of the irtio_gpu_object_shmem_init() return value (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-After-Free in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
The following non-security bugs were fixed:
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- ascpi / x86: Add support for LPS0 callback handler (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too.
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfs4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv3: handle out-of-order write replies (bsc#1205544).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- refresh suse/NFSv3-handle-out-of-order-write-replies. Careless typo - might cause bsc#1209457
- refresh suse/ice-clear-stale-Tx-queue-settings-before-configuring. Fix bug introduced by broken backport (bsc#1208628).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'hid: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- supported.conf: Remove duplicate entry.
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- update internal module version number for cifs.ko (bsc#1193629).
- update suse/hid-bigben_probe-validate-report-count (bsc#1208605). Added bugzilla reference to fix already applied
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
ImportantSUSE bug 1177529SUSE bug 1193629SUSE bug 1197534SUSE bug 1197617SUSE bug 1198438SUSE bug 1200054SUSE bug 1202353SUSE bug 1202633SUSE bug 1203200SUSE bug 1203331SUSE bug 1204363SUSE bug 1204993SUSE bug 1205544SUSE bug 1205846SUSE bug 1206103SUSE bug 1206232SUSE bug 1206492SUSE bug 1206493SUSE bug 1206824SUSE bug 1206935SUSE bug 1207051SUSE bug 1207270SUSE bug 1207529SUSE bug 1207560SUSE bug 1207845SUSE bug 1207846SUSE bug 1208179SUSE bug 1208212SUSE bug 1208420SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208542SUSE bug 1208570SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208605SUSE bug 1208607SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208816SUSE bug 1208837SUSE bug 1208843SUSE bug 1208848SUSE bug 1209008SUSE bug 1209159SUSE bug 1209188SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209291SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504CVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDcpe:/o:suse:sle-micro:5.4Security update for sudo (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sudo fixes the following issue:
Security issues:
- CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
- CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).
Bug fixes:
- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
ModerateSUSE bug 1203201SUSE bug 1206483SUSE bug 1206772SUSE bug 1208595SUSE bug 1209361SUSE bug 1209362CVE-2023-27320 at SUSECVE-2023-27320 at NVDCVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:sle-micro:5.4Security update for libmicrohttpd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libmicrohttpd fixes the following issues:
- CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745).
ModerateSUSE bug 1208745CVE-2023-27371 at SUSECVE-2023-27371 at NVDcpe:/o:suse:sle-micro:5.4Security update for zstd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
ModerateSUSE bug 1209533CVE-2022-4899 at SUSECVE-2022-4899 at NVDcpe:/o:suse:sle-micro:5.4Security update for ldb, samba (Important)SUSE Linux Enterprise Micro 5.4
This update for ldb, samba fixes the following issues:
ldb:
- CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
samba:
- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
The following non-security bug were fixed:
- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
- Ship missing samba-winbind-libs-32bit package (bsc#1207996)
- Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723)
ImportantSUSE bug 1201490SUSE bug 1207416SUSE bug 1207723SUSE bug 1207996SUSE bug 1209481SUSE bug 1209483SUSE bug 1209485CVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2023-0225 at SUSECVE-2023-0225 at NVDCVE-2023-0614 at SUSECVE-2023-0614 at NVDCVE-2023-0922 at SUSECVE-2023-0922 at NVDcpe:/o:suse:sle-micro:5.4Security update for shim (Important)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
- CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
The following non-security bugs were fixed:
- [infiniband] READ is 'data destination', not source... (git-fixes)
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi/x86: Add support for LPS0 callback handler (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- add cherry-picked id for nouveau patch
- alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- alsa: pci: lx6464es: fix a debug loop (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- asoc: Intel: boards: fix spelling in comments (git-fixes).
- asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fix page corruption caused by racy check in __free_pages (bsc#1208149).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Restore allocated resources on failed copyout (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfcv3: handle out-of-order write replies (bsc#1205544).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- pci/iov: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output.
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- supported.conf: Remove duplicate entry.
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- update internal module version number for cifs.ko (bsc#1193629).
- update suse/hid-bigben_probe-validate-report-count (bsc#1208605).
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration.
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: hoist refcount record merge predicates (bsc#1208183).
ImportantSUSE bug 1166486SUSE bug 1177529SUSE bug 1193629SUSE bug 1197534SUSE bug 1197617SUSE bug 1198438SUSE bug 1202353SUSE bug 1202633SUSE bug 1203200SUSE bug 1203331SUSE bug 1203332SUSE bug 1204363SUSE bug 1204993SUSE bug 1205544SUSE bug 1205846SUSE bug 1206103SUSE bug 1206224SUSE bug 1206232SUSE bug 1206459SUSE bug 1206492SUSE bug 1206493SUSE bug 1206640SUSE bug 1206824SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206889SUSE bug 1206894SUSE bug 1206935SUSE bug 1207051SUSE bug 1207270SUSE bug 1207328SUSE bug 1207529SUSE bug 1207560SUSE bug 1207588SUSE bug 1207589SUSE bug 1207590SUSE bug 1207591SUSE bug 1207592SUSE bug 1207593SUSE bug 1207594SUSE bug 1207603SUSE bug 1207605SUSE bug 1207606SUSE bug 1207607SUSE bug 1207608SUSE bug 1207609SUSE bug 1207610SUSE bug 1207613SUSE bug 1207615SUSE bug 1207617SUSE bug 1207618SUSE bug 1207619SUSE bug 1207620SUSE bug 1207621SUSE bug 1207623SUSE bug 1207624SUSE bug 1207625SUSE bug 1207626SUSE bug 1207628SUSE bug 1207630SUSE bug 1207631SUSE bug 1207632SUSE bug 1207634SUSE bug 1207635SUSE bug 1207636SUSE bug 1207638SUSE bug 1207639SUSE bug 1207641SUSE bug 1207642SUSE bug 1207643SUSE bug 1207644SUSE bug 1207645SUSE bug 1207646SUSE bug 1207647SUSE bug 1207648SUSE bug 1207651SUSE bug 1207653SUSE bug 1207770SUSE bug 1207773SUSE bug 1207845SUSE bug 1207875SUSE bug 1208149SUSE bug 1208153SUSE bug 1208179SUSE bug 1208183SUSE bug 1208212SUSE bug 1208290SUSE bug 1208420SUSE bug 1208428SUSE bug 1208429SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208570SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208603SUSE bug 1208605SUSE bug 1208607SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208816SUSE bug 1208837SUSE bug 1208843SUSE bug 1208848SUSE bug 1209008SUSE bug 1209159SUSE bug 1209188SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209291SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504CVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
ModerateSUSE bug 1207571SUSE bug 1207957SUSE bug 1207975SUSE bug 1208358CVE-2023-0687 at SUSECVE-2023-0687 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
ModerateSUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.4
This update for conmon fixes the following issues:
- rebuild against supported go 1.19 (bsc#1209307)
- no functional changes.
ModerateSUSE bug 1209307cpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
Update to version 4.4.4:
* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed
- podman.spec: Bump required version for libcontainers-common (bsc#1209495)
Update to version 4.4.3:
* compat: /auth: parse server address correctly
* vendor github.com/containers/common@v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix 'podman logs --since --follow' flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime
Update to version 4.4.2:
* Revert 'CI: Temporarily disable all AWS EC2-based tasks'
* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* CI: Temporarily disable all AWS EC2-based tasks
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes
- podman.spec: add `crun` requirement for quadlet
- podman.spec: set PREFIX at build stage (bsc#1208510)
- CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364)
Update to version 4.4.1:
* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test
Update to version 4.4.0:
* Emergency fix for RHEL8 gating tests
* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output 'ago' when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Create release notes for v4.4.0
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latests containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip 'Local forwarder, IPv4' test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take along time
* events: support 'die' filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containters/(common, image)
* specfile: Drop user-add depedency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified
* Quadlet: add network support
* Add comment for jsonMarshal command
* Always allow pushing from containers-storage
* libpod: move NetNS into state db instead of extra bucket
* Add initial system tests for quadlets
* quadlet: Add --user option
* libpod: remove CNI word were no longer applicable
* libpod: fix header length in http attach with logs
* podman-kube@ template: use `podman kube`
* build(deps): bump github.com/docker/docker
* wait: add --ignore option
* qudlet: Respect $PODMAN env var for podman binary
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
* e2e: Add some assert to quadlet test to make sure testcases are sane
* remove unmapped ports from inspect port bindings
* update podman-network-create for clarity
* Vendor in latest containers/common with default capabilities
* pkg/rootless: Change error text ...
* rootless: add cli validator
* rootless: define LIBEXECPODMAN
* doc: fix documentation for idmapped mounts
* bump golangci-lint to v1.50.1
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
* [CI:DOCS] podman-mount: s/umount/unmount/
* create/pull --help: list pull policies
* Network Create: Add --ignore flag to support idempotent script
* Make qemu security model none
* libpod: use OCI idmappings for mounts
* stop reporting errors removing containers that don't exist
* test: added test from wait endpoint with to long label
* quadlet: Default VolatileTmp to off
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
* docs/options/ipc: fix list syntax
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
* Make a consistently-named windows installer
* checkpoint restore: fix --ignore-static-ip/mac
* add support for subpath in play kube for named volumes
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
* golangci-lint: remove three deprecated linters
* parse-localbenchmarks: separate standard deviation
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
* podman play kube support container startup probe
* Add podman buildx version support
* Cirrus: Collect benchmarks on machine instances
* Cirrus: Remove escape codes from log files
* [CI:DOCS] Clarify secret target behavior
* Fix typo on network docs
* podman-remote build add --volume support
* remote: allow --http-proxy for remote clients
* Cleanup kube play workloads if error happens
* health check: ignore dependencies of transient systemd units/timers
* fix: event read from syslog
* Fixes secret (un)marshaling for kube play.
* Remove 'you' from man pages
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
* [CI:DOCS] test/README.md: run tests with podman-remote
* e2e: keeps the http_proxy value
* Makefile: Add podman-mac-helper to darwin client zip
* test/e2e: enable 'podman run with ipam none driver' for nv
* [skip-ci] GHA/Cirrus-cron: Fix execution order
* kube sdnotify: run proxies for the lifespan of the service
* Update containers common package
* podman manpage: Use man-page links instead of file names
* e2e: fix e2e tests in proxy environment
* Fix test
* disable healthchecks automatically on non systemd systems
* Quadlet Kube: Add support for userns flag
* [CI:DOCS] Add warning about --opts,o with mount's -o
* Add podman system prune --external
* Add some tests for transient store
* runtime: In transient_store mode, move bolt_state.db to rundir
* runtime: Handle the transient store options
* libpod: Move the creation of TmpDir to an earlier time
* network create: support '-o parent=XXX' for ipvlan
* compat API: allow MacAddress on container config
* Quadlet Kube: Add support for relative path for YAML file
* notify k8s system test: move sending message into exec
* runtime: do not chown idmapped volumes
* quadlet: Drop ExecStartPre=rm %t/%N.cid
* Quadlet Kube: Set SyslogIdentifier if was not set
* Add a FreeBSD cross build to the cirrus alt build task
* Add completion for --init-ctr
* Fix handling of readonly containers when defined in kube.yaml
* Build cross-compilation fixes
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
* quadlet: Use same default capability set as podman run
* quadlet: Drop --pull=never
* quadlet: Change default of ReadOnly to no
* quadlet: Change RunInit default to no
* quadlet: Change NoNewPrivileges default to false
* test: podman run with checkpoint image
* Enable 'podman run' for checkpoint images
* test: Add tests for checkpoint images
* CI setup: simplify environment passthrough code
* Init containers should not be restarted
* Update c/storage after https://github.com/containers/storage/pull/1436
* Set the latest release explicitly
* add friendly comment
* fix an overriding logic and load config problem
* Update the issue templates
* Update vendor of containers/(image, buildah)
* [CI:DOCS] Skip windows-smoke when not useful
* [CI:DOCS] Remove broken gate-container docs
* OWNERS: add Jason T. Greene
* hack/podmansnoop: print arguments
* Improve atomicity of VM state persistence on Windows
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
* macos: pkg: Use -arm64 suffix instead of -aarch64
* linux: Add -linux suffix to podman-remote-static binaries
* linux: Build amd64 and arm64 podman-remote-static binaries
* container create: add inspect data to event
* Allow manual override of install location
* Run codespell on code
* Add missing parameters for checkpoint/restore endpoint
* Add support for startup healthchecks
* Add information on metrics to the `network create` docs
* Introduce podman machine os commands
* Document that ignoreRootFS depends on export/import
* Document ignoreVolumes in checkpoint/restore endpoint
* Remove leaveRunning from swagger restore endpoint
* libpod: Add checks to avoid nil pointer dereference if network setup fails
* Address golangci-lint issues
* Documenting Hyper-V QEMU acceleration settings
* Kube Play: fix the handling of the optional field of SecretVolumeSource
* Update Vendor of containers/(common, image, buildah)
* Fix swapped NetInput/-Output stats
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
* test/tools: rebuild when files are changed
* ginkgo tests: apply ginkgolinter fixes
* ginkgo: restructure install work flow
* Fix manpage emphasis
* specgen: support CDI devices from containers.conf
* vendor: update containers/common
* pkg/trust: Take the default policy path from c/common/pkg/config
* Add validate-in-container target
* Adding encryption decryption feature
* container restart: clean up healthcheck state
* Add support for podman-remote manifest annotate
* Quadlet: Add support for .kube files
* Update vendor of containers/(buildah, common, storage, image)
* specgen: honor user namespace value
* [CI:DOCS] Migrate OSX Cross to M1
* quadlet: Rework uid/gid remapping
* GHA: Fix cirrus re-run workflow for other repos.
* ssh system test: skip until it becomes a test
* shell completion: fix hard coded network drivers
* libpod: Report network setup errors properly on FreeBSD
* E2E Tests: change the registry for the search test to avoid authentication
* pkginstaller: install podman-mac-helper by default
* Fix language. Mostly spelling a -> an
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
* [CI:DOCS] Fix spelling and typos
* Modify man page of '--pids-limit' option to correct a default value.
* Update docs/source/markdown/podman-remote.1.md
* Update pkg/bindings/connection.go
* Add more documentation on UID/GID Mappings with --userns=keep-id
* support podman-remote to connect tcpURL with proxy
* Removing the RawInput from the API output
* fix port issues for CONTAINER_HOST
* CI: Package versions: run in the 'main' step
* build(deps): bump github.com/rootless-containers/rootlesskit
* pkg/domain: Make checkExecPreserveFDs platform-specific
* e2e tests: fix restart race
* Fix podman --noout to suppress all output
* remove pod if creation has failed
* pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
* Fix more podman-logs flakes
* healthcheck system tests: try to fix flake
* libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
* GHA: Configure workflows for reuse
* compat,build: handle docker's preconfigured cacheTo,cacheFrom
* docs: deprecate pasta network name
* utils: Enable cgroup utils for FreeBSD
* pkg/specgen: Disable kube play tests on FreeBSD
* libpod/lock: Fix build and tests for SHM locks on FreeBSD
* podman cp: fix copying with '.' suffix
* pkginstaller: bump Qemu to version 7.1.0
* specgen,wasm: switch to crun-wasm wherever applicable
* vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
* libpod: Make unit test for statToPercent Linux only
* Update vendor of containers/storage
* fix connection usage with containers.conf
* Add --quiet and --no-info flags to podman machine start
* Add hidden podman manifest inspect -v option
* Add podman volume create -d short option for driver
* Vendor in latest containers/(common,image,storage)
* Add podman system events alias to podman events
* Fix search_test to return correct version of alpine
* GHA: Fix undefined secret env. var.
* Release notes for 4.3.1
* GHA: Fix make_email-body script reference
* Add release keys to README
* GHA: Fix typo setting output parameter
* GHA: Fix typo.
* New tool, docs/version-check
* Formalize our compare-against-docker mechanism
* Add restart-sec for container service files
* test/tools: bump module to go 1.17
* contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
* build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
* libpod: Add FreeBSD support in packageVersion
* Allow podman manigest push --purge|-p as alias for --rm
* [CI:DOCS] Add performance tutorial
* [CI:DOCS] Fix build targets in build_osx.md.
* fix --format {{json .}} output to match docker
* remote: fix manifest add --annotation
* Skip test if `--events-backend` is necessary with podman-remote
* kube play: update the handling of PersistentVolumeClaim
* system tests: fix a system test in proxy environment
* Use single unqualified search registry on Windows
* test/system: Add, use tcp_port_probe() to check for listeners rather than binds
* test/system: Add tests for pasta(1) connectivity
* test/system: Move network-related helpers to helpers.network.bash
* test/system: Use procfs to find bound ports, with optional address and protocol
* test/system: Use port_is_free() from wait_for_port()
* libpod: Add pasta networking mode
* More log-flake work
* Fix test flakes caused by improper podman-logs
* fix incorrect systemd booted check
* Cirrus: Add tests for GHA scripts
* GHA: Update scripts to pass shellcheck
* Cirrus: Shellcheck github-action scripts
* Cirrus: shellcheck support for github-action scripts
* GHA: Fix cirrus-cron scripts
* Makefile: don't install to tmpfiles.d on FreeBSD
* Make sure we can build and read each line of docker py's api client
* Docker compat build api - make sure only one line appears per flush
* Run codespell on code
* Update vendor of containers/(image, storage, common)
* Allow namespace path network option for pods.
* Cirrus: Never skip running Windows Cross task
* GHA: Auto. re-run failed cirrus-cron builds once
* GHA: Migrate inline script to file
* GHA: Simplify script reference
* test/e2e: do not use apk in builds
* remove container/pod id file along with container/pod
* Cirrus: Synchronize windows image
* Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
* runtime: add check for valid pod systemd cgroup
* CI: set and verify DESIRED_NETWORK (netavark, cni)
* [CI:DOCS] troubleshooting: document keep-id options
* Man pages: refactor common options: --security-opt
* Cirrus: Guarantee CNI testing w/o nv/av present
* Cirrus: temp. disable all Ubuntu testing
* Cirrus: Update to F37beta
* buildah bud tests: better handling of remote
* quadlet: Warn in generator if using short names
* Add Windows Smoke Testing
* Add podman kube apply command
* docs: offer advice on installing test dependencies
* Fix documentation on read-only-tmpfs
* version bump to 4.4.0-dev
* deps: bump go-criu to v6
* Makefile: Add cross build targets for freebsd
* pkg/machine: Make this build on FreeBSD/arm64
* pkg/rctl: Remove unused cgo dependency
* man pages: assorted underscore fixes
* Upgrade GitHub actions packages from v2 to v3
* vendor github.com/godbus/dbus/v5@4b691ce
* [CI:DOCS] fix --tmpdir typos
* Do not report that /usr/share/containers/storage.conf has been edited.
* Eval symlinks on XDG_RUNTIME_DIR
* hack/podmansnoop
* rootless: support keep-id with one mapping
* rootless: add argument to GetConfiguredMappings
* Update vendor containers/(common,storage,buildah,image)
* Fix deadlock between 'podman ps' and 'container inspect' commands
* Add information about where the libpod/boltdb database lives
* Consolidate the dependencies for the IsTerminal() API
* Ensure that StartAndAttach locks while sending signals
* ginkgo testing: fix podman usernamespace join
* Test runners: nuke podman from $PATH before tests
* volumes: Fix idmap not working for volumes
* FIXME: Temporary workaround for ubi8 CI breakage
* System tests: teardown: clean up volumes
* update api versions on docs.podman.io
* system tests: runlabel: use podman-under-test
* system tests: podman network create: use random port
* sig-proxy test: bump timeout
* play kube: Allow the user to import the contents of a tar file into a volume
* Clarify the docs on DropCapability
* quadlet tests: Disable kmsg logging while testing
* quadlet: Support multiple Network=
* quadlet: Add support for Network=...
* Fix manpage for podman run --network option
* quadlet: Add support for AddDevice=
* quadlet: Add support for setting seccomp profile
* quadlet: Allow multiple elements on each Add/DropCaps line
* quadlet: Embed the correct binary name in the generated comment
* quadlet: Drop the SocketActivated key
* quadlet: Switch log-driver to passthrough
* quadlet: Change ReadOnly to default to enabled
* quadlet tests: Run the tests even for (exected) failed tests
* quadlet tests: Fix handling of stderr checks
* Remove unused script file
* notifyproxy: fix container watcher
* container/pod id file: truncate instead of throwing an error
* quadlet: Use the new podman create volume --ignore
* Add podman volume create --ignore
* logcollector: include aardvark-dns
* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
* build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
* docs: generate systemd: point to kube template
* docs: kube play: mention restart policy
* Fixes: 15858 (podman system reset --force destroy machine)
* fix search flake
* use cached containers.conf
* adding regex support to the ancestor ps filter function
* Fix `system df` issues with `-f` and `-v`
* markdown-preprocess: cross-reference where opts are used
* Default qemu flags for Windows amd64
* build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
* Update main to reflect v4.3.0 release
* build(deps): bump github.com/docker/docker
* move quadlet packages into pkg/systemd
* system df: fix image-size calculations
* Add man page for quadlet
* Fix small typo
* testimage: add iproute2 & socat, for pasta networking
* Set up minikube for k8s testing
* Makefile: don't install systemd generator binaries on FreeBSD
* [CI:BUILD] copr: podman rpm should depend on containers-common-extra
* Podman image: Set default_sysctls to empty for rootless containers
* Don't use github.com/docker/distribution
* libpod: Add support for 'podman top' on FreeBSD
* libpod: Factor out jail name construction from stats_freebsd.go
* pkg/util: Add pid information descriptors for FreeBSD
* Initial quadlet version integrated in golang
* bump golangci-lint to v1.49.0
* Update vendor containers/(common,image,storage)
* Allow volume mount dups, iff source and dest dirs
* rootless: fix return value handling
* Change to correct break statements
* vendor containers/psgo@v1.8.0
* Clarify that MacOSX docs are client specific
* libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
* Add swagger install + allow version updates in CI
* Cirrus: Fix windows clone race
* build(deps): bump github.com/docker/docker
* kill: wait for the container
* generate systemd: set --stop-timeout for stopping containers
* hack/tree_status.sh: print diff at the end
* Fix markdown header typo
* markdown-preprocess: add generic include mechanism
* markdown-preprocess: almost complete OO rewrite
* Update tests for changed error messages
* Update c/image after https://github.com/containers/image/pull/1299
* Man pages: refactor common options (misc)
* Man pages: Refactor common options: --detach-keys
* vendor containers/storage@main
* Man pages: refactor common options: --attach
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
* KillContainer: improve error message
* docs: add missing options
* Man pages: refactor common options: --annotation (manifest)
* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
* system tests: health-on-failure: fix broken logic
* build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
* build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
* ContainerEngine.SetupRootless(): Avoid calling container.Config()
* Container filters: Avoid use of ctr.Config()
* Avoid unnecessary calls to Container.Spec()
* Add and use Container.LinuxResource() helper
* play kube: notifyproxy: listen before starting the pod
* play kube: add support for configmap binaryData
* Add and use libpod/Container.Terminal() helper
* Revert 'Add checkpoint image tests'
* Revert 'cmd/podman: add support for checkpoint images'
* healthcheck: fix --on-failure=stop
* Man pages: Add mention of behavior due to XDG_CONFIG_HOME
* build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
* Avoid unnecessary timeout of 250msec when waiting on container shutdown
* health checks: make on-failure action retry aware
* libpod: Remove 100msec delay during shutdown
* libpod: Add support for 'podman pod' on FreeBSD
* libpod: Factor out cgroup validation from (*Runtime).NewPod
* libpod: Move runtime_pod_linux.go to runtime_pod_common.go
* specgen/generate: Avoid a nil dereference in MakePod
* libpod: Factor out cgroups handling from (*Pod).refresh
* Adds a link to OSX docs in CONTRIBUTING.md
* Man pages: refactor common options: --os-version
* Create full path to a directory when DirectoryOrCreate is used with play kube
* Return error in podman system service if URI scheme is not unix/tcp
* Man pages: refactor common options: --time
* man pages: document some --format options: images
* Clean up when stopping pods
* Update vendor of containers/buildah v1.28.0
* Proof of concept: nightly dependency treadmill
- Make the priority for picking the storage driver configurable (bsc#1197093)
ImportantSUSE bug 1197093SUSE bug 1208364SUSE bug 1208510SUSE bug 1209495CVE-2023-0778 at SUSECVE-2023-0778 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
Update to containerd v1.6.19:
Security fixes:
- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).
- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).
ModerateSUSE bug 1208423SUSE bug 1208426CVE-2023-25153 at SUSECVE-2023-25153 at NVDCVE-2023-25173 at SUSECVE-2023-25173 at NVDcpe:/o:suse:sle-micro:5.4Security update for harfbuzz (Important)SUSE Linux Enterprise Micro 5.4
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:sle-micro:5.4Security update for wayland (Important)SUSE Linux Enterprise Micro 5.4
This update for wayland fixes the following issues:
- CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486)
ImportantSUSE bug 1190486CVE-2021-3782 at SUSECVE-2021-3782 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
The following non-security bugs were fixed:
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- fotg210-udc: Add missing completion handler (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- kABI workaround for xhci (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kconfig: Update config changed flag before calling callback (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- NFS4trace: fix state manager flag printing (git-fixes).
- NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix race to check ls_layouts (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: shut down the NFSv4 state objects before the filecache (git-fixes).
- NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- NFSv4: provide mount option to toggle trunking discovery (git-fixes).
- NFSv4: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4: Fail client initialisation if state manager thread can't run (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5.
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Check field value in hist_field_name() (git-fixes).
- tracing: Do not let histogram values have some modifiers (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tracing: Make splice_read available again (git-fixes).
- tracing: Make tracepoint lockdep check actually test something (git-fixes).
- tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- USB: dwc3: Fix a typo in field name (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- USB: ucsi: Fix ucsi->connector race (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: xhci: tegra: fix sleep in atomic call (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86: Annotate call_on_stack() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1189998SUSE bug 1193629SUSE bug 1194869SUSE bug 1203200SUSE bug 1206552SUSE bug 1207168SUSE bug 1207185SUSE bug 1207574SUSE bug 1208602SUSE bug 1208815SUSE bug 1208829SUSE bug 1208902SUSE bug 1209052SUSE bug 1209118SUSE bug 1209256SUSE bug 1209290SUSE bug 1209292SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209556SUSE bug 1209572SUSE bug 1209600SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209681SUSE bug 1209684SUSE bug 1209687SUSE bug 1209779SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1210050SUSE bug 1210203CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:sle-micro:5.4Security update for dmidecode (Moderate)SUSE Linux Enterprise Micro 5.4
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:sle-micro:5.4Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- build the containerized-data-importer with a supported golang compiler (bsc#1208916)
ModerateSUSE bug 1208916cpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
- CVE-2023-26484: Limit operator secrets permission. (bsc#1209359)
kubevirt is also rebuilt with a supported GO compiler (bsc#1208916)
ImportantSUSE bug 1208916SUSE bug 1209359CVE-2023-26484 at SUSECVE-2023-26484 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
The following non-security bugs were fixed:
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Fix error path in pci-hyperv to unlock the mutex state_lock
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- KVM: x86: fix sending PV IPI (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- NFSd: fix race to check ls_layouts (git-fixes).
- NFSd: shut down the NFSv4 state objects before the filecache (git-fixes).
- NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- NFSv4.1 provide mount option to toggle trunking discovery (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: fix state manager flag printing (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- USB: dwc3: Fix a typo in field name (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- USB: ucsi: Fix ucsi->connector race (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: xhci: tegra: fix sleep in atomic call (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- fotg210-udc: Add missing completion handler (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- kABI workaround for xhci (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kconfig: Update config changed flag before calling callback (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1189998SUSE bug 1193629SUSE bug 1194869SUSE bug 1198400SUSE bug 1203200SUSE bug 1206552SUSE bug 1207168SUSE bug 1207185SUSE bug 1207574SUSE bug 1208602SUSE bug 1208815SUSE bug 1208829SUSE bug 1208902SUSE bug 1209052SUSE bug 1209118SUSE bug 1209256SUSE bug 1209290SUSE bug 1209292SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209556SUSE bug 1209572SUSE bug 1209600SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209681SUSE bug 1209684SUSE bug 1209687SUSE bug 1209779SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1210050SUSE bug 1210203CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).
ModerateSUSE bug 1210328CVE-2023-1981 at SUSECVE-2023-1981 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
Update to runc v1.1.5:
Security fixes:
- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).
Other fixes:
- Fix the inability to use `/dev/null` when inside a container.
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
- Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
ImportantSUSE bug 1168481SUSE bug 1208962SUSE bug 1209884SUSE bug 1209888CVE-2023-25809 at SUSECVE-2023-25809 at NVDCVE-2023-27561 at SUSECVE-2023-27561 at NVDCVE-2023-28642 at SUSECVE-2023-28642 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-ibmca (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-ibmca fixes the following issues:
Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058)
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support 'implicit rejection' option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359)
ModerateSUSE bug 1210058SUSE bug 1210359cpe:/o:suse:sle-micro:5.4Security update for libtpms (Important)SUSE Linux Enterprise Micro 5.4
This update for libtpms fixes the following issues:
- CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022).
- CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023).
ImportantSUSE bug 1206022SUSE bug 1206023CVE-2023-1017 at SUSECVE-2023-1017 at NVDCVE-2023-1018 at SUSECVE-2023-1018 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
The following non-security bug was fixed:
- Remove unneeded dependency (bsc#1209918).
ModerateSUSE bug 1209918SUSE bug 1210411SUSE bug 1210412CVE-2023-28484 at SUSECVE-2023-28484 at NVDCVE-2023-29469 at SUSECVE-2023-29469 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).
The following non-security bug was fixed:
- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
ModerateSUSE bug 1209713SUSE bug 1209714SUSE bug 1210135CVE-2023-24593 at SUSECVE-2023-24593 at NVDCVE-2023-25180 at SUSECVE-2023-25180 at NVDcpe:/o:suse:sle-micro:5.4Security update for installation-images (Moderate)SUSE Linux Enterprise Micro 5.4
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sle-micro:5.4Security update for shim (Important)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
- CVE-2022-28737 was missing as reference previously.
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
Logic was added that is using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
ImportantSUSE bug 1210382CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1443, fixes the following security problems
- CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042).
- CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
ModerateSUSE bug 1208828SUSE bug 1209042SUSE bug 1209187CVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1264 at SUSECVE-2023-1264 at NVDCVE-2023-1355 at SUSECVE-2023-1355 at NVDcpe:/o:suse:sle-micro:5.4Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
ModerateSUSE bug 1210434CVE-2023-29491 at SUSECVE-2023-29491 at NVDcpe:/o:suse:sle-micro:5.4Security update for ignition (Important)SUSE Linux Enterprise Micro 5.4
This update of ignition fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
The following non-security bugs were fixed:
- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- sched/fair: Fix imbalance overflow (bsc#1155798).
- sched/fair: Limit sched slice duration (bsc#1189999).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999).
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
kernel-default-base changed:
- Do not ship on s390x (bsc#1210729)
- Add exfat (bsc#1208822)
- Add _diag modules for included socket types (bsc#1204042)
ImportantSUSE bug 1142685SUSE bug 1155798SUSE bug 1174777SUSE bug 1189999SUSE bug 1194869SUSE bug 1203039SUSE bug 1203325SUSE bug 1204042SUSE bug 1206649SUSE bug 1206891SUSE bug 1206992SUSE bug 1207088SUSE bug 1208076SUSE bug 1208822SUSE bug 1208845SUSE bug 1209615SUSE bug 1209693SUSE bug 1209739SUSE bug 1209871SUSE bug 1209927SUSE bug 1209999SUSE bug 1210034SUSE bug 1210158SUSE bug 1210202SUSE bug 1210206SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210439SUSE bug 1210453SUSE bug 1210454SUSE bug 1210469SUSE bug 1210499SUSE bug 1210506SUSE bug 1210629SUSE bug 1210630SUSE bug 1210725SUSE bug 1210729SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210793SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210943SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025CVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Important)SUSE Linux Enterprise Micro 5.4
This update of conmon fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
ImportantSUSE bug 1211230SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233CVE-2023-28319 at SUSECVE-2023-28319 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
The following non-security bugs were fixed:
- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- arm64: enable jump-label jump-label was disabled on arm64 by a backport error.
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users.
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)).
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream)
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759)
- supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759)
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
ImportantSUSE bug 1142685SUSE bug 1155798SUSE bug 1174777SUSE bug 1189999SUSE bug 1194869SUSE bug 1203039SUSE bug 1203325SUSE bug 1206649SUSE bug 1206891SUSE bug 1206992SUSE bug 1207088SUSE bug 1208076SUSE bug 1208845SUSE bug 1209615SUSE bug 1209693SUSE bug 1209739SUSE bug 1209871SUSE bug 1209927SUSE bug 1209999SUSE bug 1210034SUSE bug 1210158SUSE bug 1210202SUSE bug 1210206SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210439SUSE bug 1210453SUSE bug 1210454SUSE bug 1210469SUSE bug 1210506SUSE bug 1210629SUSE bug 1210725SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210793SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210943SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025CVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741).
- CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246).
- revert a patch to fix xen boot problems (bsc#1205613)
ImportantSUSE bug 1174246SUSE bug 1196741SUSE bug 1205613CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382).
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)
ImportantSUSE bug 1210298cpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update of runc fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.4
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
Fixed multiple out of bounds read/write security issues:
CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228),
CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231),
CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234),
CVE-2023-0804 (bsc#1208236).
ModerateSUSE bug 1208226SUSE bug 1208227SUSE bug 1208228SUSE bug 1208229SUSE bug 1208230SUSE bug 1208231SUSE bug 1208232SUSE bug 1208233SUSE bug 1208234SUSE bug 1208236CVE-2023-0795 at SUSECVE-2023-0795 at NVDCVE-2023-0796 at SUSECVE-2023-0796 at NVDCVE-2023-0797 at SUSECVE-2023-0797 at NVDCVE-2023-0798 at SUSECVE-2023-0798 at NVDCVE-2023-0799 at SUSECVE-2023-0799 at NVDCVE-2023-0800 at SUSECVE-2023-0800 at NVDCVE-2023-0801 at SUSECVE-2023-0801 at NVDCVE-2023-0802 at SUSECVE-2023-0802 at NVDCVE-2023-0803 at SUSECVE-2023-0803 at NVDCVE-2023-0804 at SUSECVE-2023-0804 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:sle-micro:5.4Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libvirt fixes the following issues:
- CVE-2023-2700: Fixed a memory leak that could be triggered by
repeatedly querying an SR-IOV PCI device's capabilities
(bsc#1211390).
Non-security fixes:
- Fixed a potential crash during driver cleanup (bsc#1209861).
- Added Apparmor support for SUSE edk2 firmware paths (boo#1208567).
- Fixed lxc container initialization with systemd and hybrid groups
(boo#1183247).
- Added the option to specify the virtual CPU address size in bits for
qemu (bsc#1199583).
ModerateSUSE bug 1183247SUSE bug 1199583SUSE bug 1208567SUSE bug 1209861SUSE bug 1211390CVE-2023-2700 at SUSECVE-2023-2700 at NVDcpe:/o:suse:sle-micro:5.4Security update for openldap2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
ModerateSUSE bug 1211795CVE-2023-2953 at SUSECVE-2023-2953 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).
ModerateSUSE bug 1211894CVE-2023-2977 at SUSECVE-2023-2977 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
ModerateSUSE bug 1203750SUSE bug 1211158CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:suse:sle-micro:5.4Security update for Salt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-jmespath:
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
(no source changes)
python-ply:
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
(no source changes)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:sle-micro:5.4Security update for salt and python-pyzmq (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt and python-pyzmq fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-pyzmq:
- Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945)
ModerateSUSE bug 1186945SUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143).
Bug fixes:
- Fixed build problem with grpc 1.54 (bsc#1210695).
ModerateSUSE bug 1210695SUSE bug 1212143CVE-2023-20867 at SUSECVE-2023-20867 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Important)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Important)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
ImportantSUSE bug 1212230CVE-2023-34241 at SUSECVE-2023-34241 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).
ImportantSUSE bug 1210996SUSE bug 1211256SUSE bug 1211257CVE-2023-2426 at SUSECVE-2023-2426 at NVDCVE-2023-2609 at SUSECVE-2023-2609 at NVDCVE-2023-2610 at SUSECVE-2023-2610 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect the testsuite (bsc#1201627).
ModerateSUSE bug 1201627SUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage.
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm-hyperv: Add a bug reference to two existing changes (bsc#1211281).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1172073SUSE bug 1191731SUSE bug 1193629SUSE bug 1195655SUSE bug 1195921SUSE bug 1203906SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1206578SUSE bug 1207553SUSE bug 1208604SUSE bug 1208758SUSE bug 1209287SUSE bug 1209288SUSE bug 1209856SUSE bug 1209982SUSE bug 1210165SUSE bug 1210294SUSE bug 1210449SUSE bug 1210450SUSE bug 1210498SUSE bug 1210533SUSE bug 1210551SUSE bug 1210647SUSE bug 1210741SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210806SUSE bug 1210940SUSE bug 1210947SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211847SUSE bug 1211855SUSE bug 1211960CVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDcpe:/o:suse:sle-micro:5.4Security update for libcap (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
ModerateSUSE bug 1211418SUSE bug 1211419CVE-2023-2602 at SUSECVE-2023-2602 at NVDCVE-2023-2603 at SUSECVE-2023-2603 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes).
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions (git-fixes).
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- Also include kernel-docs build requirements for ALP
- Avoid unsuported tar parameter on SLE12
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- Input: fix open count when closing inhibited device (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not hypercall before EL2 init (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Save PSTATE early on exit (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- jfs: Fix fortify moan in symlink (git-fixes).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414).
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qede: Fix scheduling while atomic (git-fixes).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1152489SUSE bug 1160435SUSE bug 1172073SUSE bug 1189998SUSE bug 1191731SUSE bug 1193629SUSE bug 1194869SUSE bug 1195655SUSE bug 1195921SUSE bug 1203906SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1206578SUSE bug 1207553SUSE bug 1208050SUSE bug 1208410SUSE bug 1208600SUSE bug 1208604SUSE bug 1208758SUSE bug 1209039SUSE bug 1209287SUSE bug 1209288SUSE bug 1209367SUSE bug 1209856SUSE bug 1209982SUSE bug 1210165SUSE bug 1210294SUSE bug 1210449SUSE bug 1210450SUSE bug 1210498SUSE bug 1210533SUSE bug 1210551SUSE bug 1210647SUSE bug 1210741SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210806SUSE bug 1210940SUSE bug 1210947SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211410SUSE bug 1211414SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211847SUSE bug 1211852SUSE bug 1211855SUSE bug 1211960SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212350SUSE bug 1212448SUSE bug 1212494SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592CVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
The following non-security bugs were fixed:
- Get module prefix from kmod (bsc#1212835).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- elf: correct note name comment (git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- pstore/ram: Add check for kstrdup (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
ImportantSUSE bug 1187829SUSE bug 1194869SUSE bug 1210335SUSE bug 1212051SUSE bug 1212265SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
The following non-security bugs were fixed:
- Drop dvb-core fix patch due to a bug (bsc#1205758).
- Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796).
- Generalize kernel-doc build requirements.
- Get module prefix from kmod (bsc#1212835).
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253).
- acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- alsa: oss: avoid missing-prototype warnings (git-fixes).
- alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- arm: dts: vexpress: add missing cache properties (git-fixes).
- asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- asoc: dwc: limit the number of overrun messages (git-fixes).
- asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- asoc: soc-pcm: test if a BE can be prepared (git-fixes).
- asoc: ssm2602: Add workaround for playback distortions (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
- bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- bluetooth: hci_qca: fix debugfs registration (git-fixes).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- elf: correct note name comment (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
- hid: google: add jewel USB id (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: fix open count when closing inhibited device (git-fixes).
- input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- jfs: Fix fortify moan in symlink (git-fixes).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: arm64: Do not hypercall before EL2 init (git-fixes)
- kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- kvm: arm64: Save PSTATE early on exit (git-fixes)
- kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore/ram: Add check for kstrdup (git-fixes).
- qed/qede: Fix scheduling while atomic (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regmap: Account for register length when chunking (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: octeon: delete my name from TODO contact (git-fixes).
- sunrpc: Clean up svc_deferred_class trace events (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: fix use-after-free on core driver unbind (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1152489SUSE bug 1160435SUSE bug 1187829SUSE bug 1189998SUSE bug 1194869SUSE bug 1205758SUSE bug 1208410SUSE bug 1208600SUSE bug 1209039SUSE bug 1209367SUSE bug 1210335SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211410SUSE bug 1211449SUSE bug 1211796SUSE bug 1211852SUSE bug 1212051SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212265SUSE bug 1212350SUSE bug 1212448SUSE bug 1212494SUSE bug 1212495SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892CVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
ModerateSUSE bug 1211674CVE-2023-32681 at SUSECVE-2023-32681 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:sle-micro:5.4Security update for dbus-1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
ModerateSUSE bug 1212126CVE-2023-34969 at SUSECVE-2023-34969 at NVDcpe:/o:suse:sle-micro:5.4Security update for perl (Important)SUSE Linux Enterprise Micro 5.4
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
ModerateSUSE bug 1213237CVE-2023-32001 at SUSECVE-2023-32001 at NVDcpe:/o:suse:sle-micro:5.4Security update for samba (Important)SUSE Linux Enterprise Micro 5.4
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
- CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
- CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
- CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ImportantSUSE bug 1213171SUSE bug 1213172SUSE bug 1213173SUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDCVE-2023-34966 at SUSECVE-2023-34966 at NVDCVE-2023-34967 at SUSECVE-2023-34967 at NVDCVE-2023-34968 at SUSECVE-2023-34968 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Important)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2023-38408: Fixed a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
execution via a forwarded agent socket if those libraries were present on the
victim's system and if the agent was forwarded to an attacker-controlled
system. [bsc#1213504, CVE-2023-38408]
- Close the right filedescriptor and also close fdh in read_hmac to avoid file
descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session
exits. [bsc#1186673, bsc#1213004, bsc#1213008]
ImportantSUSE bug 1186673SUSE bug 1209536SUSE bug 1213004SUSE bug 1213008SUSE bug 1213504CVE-2023-38408 at SUSECVE-2023-38408 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
ModerateSUSE bug 1213487CVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Important)SUSE Linux Enterprise Micro 5.4
This update for conmon fixes the following issues:
conmon was updated to version 2.1.7:
- Bumped go version to 1.19 (bsc#1209307).
Bugfixes:
- Fixed leaking symbolic links in the opt_socket_path directory.
- Fixed cgroup oom issues (bsc#1208737).
- Fixed OOM watcher for cgroupv2 `oom_kill` events.
ImportantSUSE bug 1208737SUSE bug 1209307cpe:/o:suse:sle-micro:5.4Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
This update rebuilds containerized-data-importer against the current GO security release.
Moderatecpe:/o:suse:sle-micro:5.4Security update for librsvg (Important)SUSE Linux Enterprise Micro 5.4
This update for librsvg fixes the following issues:
librsvg was updated to version 2.52.10:
- CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502).
ImportantSUSE bug 1213502CVE-2023-38633 at SUSECVE-2023-38633 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
- CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).
ModerateSUSE bug 1213286CVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
This update rebuilds the kubevirt stack with the current GO release.
Moderatecpe:/o:suse:sle-micro:5.4Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update fixes the following issues:
python-tornado:
- Security fixes:
* CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)
prometheus-blackbox_exporter:
- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
* Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility
spacecmd:
- Version 4.3.22-1
* Bypass traditional systems check on older SUMA instances (bsc#1208612)
ModerateSUSE bug 1208612SUSE bug 1211741SUSE bug 1212279CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
ModerateSUSE bug 1210994SUSE bug 1211591SUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- ALSA: fireface: make read-only const array for model names static (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: oxfw: make read-only const array models static (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- Fix documentation of panic_on_warn (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- USB: dwc2: Fix some error handling paths (git-fixes).
- USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- Update config and supported.conf files due to renaming.
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: i2c: Correct format propagation for st-mipid02 (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- security: keys: Modify mismatched function name (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Preserve link count of system files (bsc#1213113).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1207894SUSE bug 1208788SUSE bug 1210565SUSE bug 1210584SUSE bug 1210853SUSE bug 1211243SUSE bug 1211811SUSE bug 1211867SUSE bug 1212301SUSE bug 1212846SUSE bug 1212905SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213059SUSE bug 1213061SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213134SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213286SUSE bug 1213523SUSE bug 1213524SUSE bug 1213543SUSE bug 1213705CVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128).
- CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131).
ImportantSUSE bug 1213128SUSE bug 1213131CVE-2023-37327 at SUSECVE-2023-37327 at NVDCVE-2023-37328 at SUSECVE-2023-37328 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968).
- CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001).
ImportantSUSE bug 1212968SUSE bug 1213001SUSE bug 1213414CVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2023-3255 at SUSECVE-2023-3255 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Moderate)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760)
ModerateSUSE bug 1192760CVE-2021-41229 at SUSECVE-2021-41229 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:sle-micro:5.4Security update for libyajl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libyajl fixes the following issues:
- CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).
ModerateSUSE bug 1212928CVE-2023-33460 at SUSECVE-2023-33460 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- afs: Fix access after dec in put functions (git-fixes).
- afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: Fix dynamic root getattr (git-fixes).
- afs: Fix fileserver probe RTT handling (git-fixes).
- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: Fix lost servers_outstanding count (git-fixes).
- afs: Fix server->active leak in afs_put_server (git-fixes).
- afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: Fix updating of i_size with dv jump from server (git-fixes).
- afs: Fix vlserver probe RTT handling (git-fixes).
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
- afs: Use refcount_t rather than atomic_t (git-fixes).
- afs: Use the operation issue time instead of the reply time for callbacks (git-fixes).
- afs: adjust ack interpretation to try and cope with nat (git-fixes).
- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
- alsa: hda/realtek: support asus g713pv laptop (git-fixes).
- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
- alsa: usb-audio: update for native dsd support quirks (git-fixes).
- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
- asoc: codecs: es8316: fix dmic config (git-fixes).
- asoc: da7219: check for failure reading aad irq events (git-fixes).
- asoc: da7219: flush pending aad irq when suspending (git-fixes).
- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
- asoc: fsl_spdif: silence output on stop (git-fixes).
- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
- block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes).
- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Handle PPS start time programming for past time values (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
- input: iqs269a - do not poll during ati (git-fixes).
- input: iqs269a - do not poll during suspend or resume (git-fixes).
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
- kvm: do not null dereference ops->destroy (git-fixes)
- kvm: downgrade two bug_ons to warn_on_once (git-fixes)
- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
- kvm: vmx: restore vmx_vmexit alignment (git-fixes).
- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901).
- net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: fix sparse warning (git-fixes).
- nfsd: remove open coding of string copy (git-fixes).
- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes).
- rdma/bnxt_re: fix hang during driver unload (git-fixes)
- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
- rdma/irdma: add missing read barriers (git-fixes)
- rdma/irdma: fix data race on cqp completion stats (git-fixes)
- rdma/irdma: fix data race on cqp request done (git-fixes)
- rdma/irdma: fix op_type reporting in cqes (git-fixes)
- rdma/irdma: report correct wc error (git-fixes)
- rdma/mlx4: make check for invalid flags stricter (git-fixes)
- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
- regmap: Account for register length in SMBus I/O limits (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes (git-fixes).
- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- revert 'usb: xhci: tegra: fix error check' (git-fixes).
- revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes).
- rxrpc, afs: Fix selection of abort codes (git-fixes).
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- scftorture: Count reschedule IPIs (git-fixes).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: Prevent page release when nothing was received (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: Fix build errors as symbol undefined (git-fixes).
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: Fix memory leak in do_rename (git-fixes).
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: Fix to add refcount once page is set private (git-fixes).
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: Free memory for tmpfile name (git-fixes).
- ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: Rename whiteout atomically (git-fixes).
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost: support PACKED when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: Maintain reverse cleanup order (git-fixes).
- virtio_net: Fix error unwinding of XDP initialization (git-fixes).
- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
ImportantSUSE bug 1206418SUSE bug 1207129SUSE bug 1210627SUSE bug 1210780SUSE bug 1211131SUSE bug 1211738SUSE bug 1212502SUSE bug 1212604SUSE bug 1212901SUSE bug 1213167SUSE bug 1213272SUSE bug 1213287SUSE bug 1213304SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213620SUSE bug 1213653SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213842SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- add module_firmware() for firmware_tg357766 (git-fixes).
- afs: adjust ack interpretation to try and cope with nat (git-fixes).
- afs: fix access after dec in put functions (git-fixes).
- afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: fix dynamic root getattr (git-fixes).
- afs: fix fileserver probe rtt handling (git-fixes).
- afs: fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: fix lost servers_outstanding count (git-fixes).
- afs: fix server->active leak in afs_put_server (git-fixes).
- afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: fix updating of i_size with dv jump from server (git-fixes).
- afs: fix vlserver probe rtt handling (git-fixes).
- afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
- afs: use refcount_t rather than atomic_t (git-fixes).
- afs: use the operation issue time instead of the reply time for callbacks (git-fixes).
- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
- alsa: fireface: make read-only const array for model names static (git-fixes).
- alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
- alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
- alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
- alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
- alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
- alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
- alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
- alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
- alsa: hda/realtek: support asus g713pv laptop (git-fixes).
- alsa: hda/realtek: whitespace fix (git-fixes).
- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
- alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- alsa: oxfw: make read-only const array models static (git-fixes).
- alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes).
- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
- alsa: usb-audio: update for native dsd support quirks (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes)
- arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
- asoc: codecs: es8316: fix dmic config (git-fixes).
- asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
- asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
- asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- asoc: da7219: check for failure reading aad irq events (git-fixes).
- asoc: da7219: flush pending aad irq when suspending (git-fixes).
- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
- asoc: fsl_spdif: silence output on stop (git-fixes).
- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: tegra: fix adx byte map (git-fixes).
- asoc: tegra: fix amx byte map (git-fixes).
- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- can: bcm: fix uaf in bcm_proc_show() (git-fixes).
- can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in debugdata (bsc#1193629).
- cifs: print client_guid in debugdata (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes).
- clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).
- coda: avoid partial allocation of sig_inputargs (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - add helper to set reqsize (git-fixes).
- crypto: qat - use helper to set reqsize (git-fixes).
- delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705.
- devlink: fix kernel-doc notation warnings (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- docs: networking: update codeaurora references for rmnet (git-fixes).
- documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- documentation: timers: hrtimers: make hybrid union historical (git-fixes).
- drm/amd/display: correct `dmub_fw_version` macro (git-fixes).
- drm/amd/display: disable mpc split by default on special asic (git-fixes).
- drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes).
- drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: validate vm ioctl flags (git-fixes).
- drm/atomic: allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).
- drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/client: fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: fix one wrong caching mode enum usage (git-fixes).
- drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).
- drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes).
- drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).
- drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes).
- drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
- drm/ttm: do not leak a resource on swapout move error (git-fixes).
- drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)
- dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes).
- enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758)
- ext4: add ea_inode checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling mmp (bsc#1213100).
- ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: fix warning in ext4_update_inline_data (bsc#1213012).
- ext4: fix warning in mb_find_extent (bsc#1213099).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the may_inline_data flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- file: always lock position for fmode_atomic_pos (bsc#1213759).
- fix documentation of panic_on_warn (git-fixes).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -eagain or error returns (git-fixes).
- fs: dlm: return positive pid value for f_getlk (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
- fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
- fuse: ioctl: translate enosys in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- gve: set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) allow setting sample averaging (git-fixes).
- hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes).
- hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes).
- hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes).
- i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: do not try to handle more interrupt events after error (git-fixes).
- iavf: fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: fix use-after-free in free_netdev (git-fixes).
- iavf: use internal state to free traffic irqs (git-fixes).
- ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)
- igc: check if hardware tx timestamping is enabled earlier (git-fixes).
- igc: enable and fix rx hash usage by netstack (git-fixes).
- igc: fix inserting of empty frame for launchtime (git-fixes).
- igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
- igc: fix launchtime before start of cycle (git-fixes).
- igc: fix race condition in ptp tx code (git-fixes).
- igc: handle pps start time programming for past time values (git-fixes).
- igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
- igc: remove delay during tx ring configuration (git-fixes).
- igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- igc: work around hw bug causing missing timestamps (git-fixes).
- inotify: avoid reporting event with invalid wd (bsc#1213025).
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
- input: iqs269a - do not poll during ati (git-fixes).
- input: iqs269a - do not poll during suspend or resume (git-fixes).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
- kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes).
- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
- kvm: do not null dereference ops->destroy (git-fixes)
- kvm: downgrade two bug_ons to warn_on_once (git-fixes)
- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
- kvm: vmx: restore vmx_vmexit alignment (git-fixes).
- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
- leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select regmap (git-fixes).
- media: i2c: correct format propagation for st-mipid02 (git-fixes).
- media: staging: atomisp: select v4l2_fwnode (git-fixes).
- media: usb: check az6007_read() return value (git-fixes).
- media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: fix align() of non power of two (git-fixes).
- media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).
- mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: add support for vlan tagging (bsc#1212301).
- net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901).
- net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: fix sparse warning (git-fixes).
- nfsd: remove open coding of string copy (git-fixes).
- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
- ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- ocfs2: switch to security_inode_init_security() (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: add additional check for mcam rules (git-fixes).
- opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).
- pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).
- phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).
- pinctrl: amd: do not show `invalid config param` errors (git-fixes).
- pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).
- pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes).
- powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: fix vas mm use after free (bsc#1194869).
- powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: do not apply state to already disabled pwms (git-fixes).
- rdma/bnxt_re: fix hang during driver unload (git-fixes)
- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
- rdma/irdma: add missing read barriers (git-fixes)
- rdma/irdma: fix data race on cqp completion stats (git-fixes)
- rdma/irdma: fix data race on cqp request done (git-fixes)
- rdma/irdma: fix op_type reporting in cqes (git-fixes)
- rdma/irdma: report correct wc error (git-fixes)
- rdma/mlx4: make check for invalid flags stricter (git-fixes)
- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
- rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)
- regmap: account for register length in smbus i/o limits (git-fixes).
- regmap: drop initial version of maximum transfer length fixes (git-fixes).
- revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes)
- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
- revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- revert 'usb: xhci: tegra: fix error check' (git-fixes).
- revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes).
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rpm: update dependency to match current kmod.
- rsi: remove kernel-doc comment marker (git-fixes).
- rxrpc, afs: fix selection of abort codes (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715).
- s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- scftorture: count reschedule ipis (git-fixes).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: fix debug && !schedstats warn (git-fixes)
- scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756).
- scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756).
- scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
- scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756).
- scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756).
- scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
- scsi: qla2xxx: array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: correct the index of array (bsc#1213747).
- scsi: qla2xxx: drop useless list_head (bsc#1213747).
- scsi: qla2xxx: fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
- scsi: qla2xxx: fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: fix end of loop test (bsc#1213747).
- scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
- scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
- scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: fix tmf leak through (bsc#1213747).
- scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
- scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747).
- scsi: qla2xxx: silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
- security: keys: modify mismatched function name (git-fixes).
- selftests: mptcp: depend on syn_cookies (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add conntrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
- signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
- signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in smb2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in cifsfindfirst() (bsc#1193629).
- smb: client: fix warning in cifsfindnext() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve dfs mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: prevent page release when nothing was received (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tpm_tis: explicitly check for error code (git-fixes).
- tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: fix build errors as symbol undefined (git-fixes).
- ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: fix memory leak in do_rename (git-fixes).
- ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: fix to add refcount once page is set private (git-fixes).
- ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: free memory for tmpfile name (git-fixes).
- ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
- ubifs: reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes).
- udf: avoid double brelse() in udf_rename() (bsc#1213032).
- udf: define efscorrupted error code (bsc#1213038).
- udf: detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: discard preallocation before extending file with a hole (bsc#1213036).
- udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035).
- udf: do not bother merging very long extents (bsc#1213040).
- udf: do not update file length for failed writes to inline files (bsc#1213041).
- udf: fix error handling in udf_new_inode() (bsc#1213112).
- udf: fix extending file within last block (bsc#1213037).
- udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: preserve link count of system files (bsc#1213113).
- udf: truncate added extents on failed expansion (bsc#1213039).
- update config and supported.conf files due to renaming.
- update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference.
- usb: dwc2: fix some error handling paths (git-fixes).
- usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: serial: option: add lara-r6 01b pids (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost: support packed when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: maintain reverse cleanup order (git-fixes).
- virtio_net: fix error unwinding of xdp initialization (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86/pvh: obtain vga console info in dom0 (git-fixes).
- x86: fix .brk attribute in linker script (git-fixes).
- xen/blkfront: only check req_fua for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: ail needs asynchronous cil forcing (bsc#1211811).
- xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: cil work is serialised, not pipelined (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk ail insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from cil commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the cil workqueue to the cil (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order cil checkpoint start records (bsc#1211811).
- xfs: pass a cil context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down ail (bsc#1211811).
- xfs: xlog_state_ioerror must die (bsc#1211811).
- xhci: fix resume issue of some zhaoxin hosts (git-fixes).
- xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
- xhci: show zhaoxin xhci root hub speed correctly (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1206418SUSE bug 1207129SUSE bug 1207894SUSE bug 1208788SUSE bug 1210565SUSE bug 1210584SUSE bug 1210627SUSE bug 1210780SUSE bug 1210853SUSE bug 1211131SUSE bug 1211243SUSE bug 1211738SUSE bug 1211811SUSE bug 1211867SUSE bug 1212301SUSE bug 1212502SUSE bug 1212604SUSE bug 1212846SUSE bug 1212901SUSE bug 1212905SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213059SUSE bug 1213061SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213134SUSE bug 1213167SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213272SUSE bug 1213286SUSE bug 1213287SUSE bug 1213304SUSE bug 1213523SUSE bug 1213524SUSE bug 1213543SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213620SUSE bug 1213653SUSE bug 1213705SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:suse:sle-micro:5.4Security update for pcre2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
ModerateSUSE bug 1213514CVE-2022-41409 at SUSECVE-2022-41409 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
- CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287)
ModerateSUSE bug 1213287CVE-2023-20569 at SUSECVE-2023-20569 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
ImportantSUSE bug 1214054CVE-2023-36054 at SUSECVE-2023-36054 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-configobj (Low)SUSE Linux Enterprise Micro 5.4
This update for python-configobj fixes the following issues:
- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).
LowSUSE bug 1210070CVE-2023-26112 at SUSECVE-2023-26112 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230808 release. (bsc#1214099)
- CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure.
- CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure.
- CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege.
ImportantSUSE bug 1206418SUSE bug 1214099CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41804 at SUSECVE-2022-41804 at NVDCVE-2023-23908 at SUSECVE-2023-23908 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
ModerateSUSE bug 1027519SUSE bug 1213616SUSE bug 1214082SUSE bug 1214083CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)
ModerateSUSE bug 1213517SUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:sle-micro:5.4Feature update for LibreOffice and xmlsec1 (Important)SUSE Linux Enterprise Micro 5.4
This update for LibreOffice and xmlsec1 fixes the following issue:
libreoffice:
- Version update from 7.4.3.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#3549):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintained and will be removed in the future (boo#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* gpgme version update from 1.16.0 to 1.18.0
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:suse:sle-micro:5.4Security update for gawk (Low)SUSE Linux Enterprise Micro 5.4
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
LowSUSE bug 1214025CVE-2023-4156 at SUSECVE-2023-4156 at NVDcpe:/o:suse:sle-micro:5.4Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.4
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
ImportantSUSE bug 1214248cpe:/o:suse:sle-micro:5.4Security update for freetype2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
ModerateSUSE bug 1210419CVE-2023-2004 at SUSECVE-2023-2004 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102).
ModerateSUSE bug 1214102CVE-2023-40225 at SUSECVE-2023-40225 at NVDcpe:/o:suse:sle-micro:5.4Security update for procps (Low)SUSE Linux Enterprise Micro 5.4
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
LowSUSE bug 1214290CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566).
This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421)
ImportantSUSE bug 1214566CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229
- Update to Docker 24.0.4-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
- Update to Docker 24.0.3-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
ModerateSUSE bug 1210797SUSE bug 1212368SUSE bug 1213120SUSE bug 1213229SUSE bug 1213500SUSE bug 1214107SUSE bug 1214108SUSE bug 1214109CVE-2023-28840 at SUSECVE-2023-28840 at NVDCVE-2023-28841 at SUSECVE-2023-28841 at NVDCVE-2023-28842 at SUSECVE-2023-28842 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527)
ImportantSUSE bug 1214527CVE-2020-22218 at SUSECVE-2020-22218 at NVDcpe:/o:suse:sle-micro:5.4Security update for icu73_2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for icu73_2 fixes the following issues:
- Update to release 73.2
* CLDR extends the support for “short” Chinese sort orders to
cover some additional, required characters for Level 2. This
is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some
GB18030 characters to Unicode characters that were encoded
after GB18030-2005.
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
- Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
- Update to release 72.1
* Support for Unicode 15, including new characters, scripts,
emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and
corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones
has been removed.
- bump library packagename to libicu71 to match the version.
- update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods
follow standards and conventions for body text but do not work well for
short Japanese text, such as in titles and headings. This new feature is
optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for
this increasingly popular locale has been significantly revised and
expanded. Note that based on user expectations, hi_Latn incorporates a
large amount of English, and can also be referred to as “Hinglish”.
* time zone data updated to version 2022a. Note that pre-1970 data for a
number of time zones has been removed, as has been the case in the upstream
tzdata release since 2021b.
- ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
- Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
- ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
- Update to release 69.1
* CLDR 39
* For Norwegian, 'no' is back to being the canonical code, with
'nb' treated as equivalent. This aligns handling of Norwegian
with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs
BasicTimeZone::getOffsetFromLocal() (C++) and
ucal_getTimeZoneOffsetFromLocal()
- Backport ICU-21366 (bsc#1182645)
- Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
Update to release 68.1:
* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec
including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
- Add the provides for libicu to Make .Net core can install
successfully. (bsc#1167603, bsc#1161007)
Update to version 67.1:
* Unicode 13 (ICU-20893, same as in ICU 66)
+ Total of 5930 new characters
+ 4 new scripts
+ 55 new emoji characters, plus additional new sequences
+ New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
+ New language at Modern coverage: Nigerian Pidgin
+ New languages at Basic coverage: Fulah (Adlam), Maithili,
Manipuri, Santali, Sindhi (Devanagari), Sundanese
+ Region containment: EU no longer includes GB
+ Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936),
and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073)
* Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
* and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).
Update to version 66.1:
* Unicode 13 support
* Fix uses of u8'literals' broken by C++20 introduction of
incompatible char8_t type. (ICU-20972)
* use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- Remove /usr/lib(64)/icu/current [bsc#1158955].
Update to release 65.1 (jsc#SLE-11118):
* Updated to CLDR 36 locale data with many additions and
corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.
ModerateSUSE bug 1030253SUSE bug 1095425SUSE bug 1103893SUSE bug 1112183SUSE bug 1146907SUSE bug 1158955SUSE bug 1159131SUSE bug 1161007SUSE bug 1162882SUSE bug 1166844SUSE bug 1167603SUSE bug 1182252SUSE bug 1182645SUSE bug 1192935SUSE bug 1193951SUSE bug 354372SUSE bug 437293SUSE bug 824262CVE-2020-10531 at SUSECVE-2020-10531 at NVDCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Low)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
LowSUSE bug 1214806CVE-2023-4641 at SUSECVE-2023-4641 at NVDcpe:/o:suse:sle-micro:5.4Security update for gcc12 (Important)SUSE Linux Enterprise Micro 5.4
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
ImportantSUSE bug 1214052CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
ModerateSUSE bug 1181477SUSE bug 1196933SUSE bug 1204942SUSE bug 1205533SUSE bug 1206402SUSE bug 1206608SUSE bug 1207543SUSE bug 1207598SUSE bug 1208928SUSE bug 1209979SUSE bug 1210015SUSE bug 1210950SUSE bug 1211598SUSE bug 1211599SUSE bug 1213127CVE-2022-45154 at SUSECVE-2022-45154 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)
ImportantSUSE bug 1215026CVE-2023-38039 at SUSECVE-2023-38039 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
ImportantSUSE bug 1215145SUSE bug 1215474CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDcpe:/o:suse:sle-micro:5.4Securitys update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
Update to 12.3.0 (build 22234872) (bsc#1214850)
- There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- Building of the VMware Guest Authentication Service (VGAuth) using
'xml-security-c' and 'xerces-c' is being deprecated.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
- For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
ImportantSUSE bug 1205927SUSE bug 1214850CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441)
- CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base
name. (bsc#1214797, bsc#1193948)
Bugs fixed:
- Create minion_id with reproducible mtime
- Fix broken tests to make them running in the testsuite
- Fix detection of Salt codename by 'salt_version' execution module
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix utf8 handling in 'pass' renderer and make it more robust
- Fix zypper repositories always being reconfigured
- Make sure configured user is properly set by Salt (bsc#1210994)
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses
(bsc#1213960, bsc#1213630, bsc#1213257)
ModerateSUSE bug 1193948SUSE bug 1210994SUSE bug 1212794SUSE bug 1212844SUSE bug 1212855SUSE bug 1213257SUSE bug 1213441SUSE bug 1213630SUSE bug 1213960SUSE bug 1214796SUSE bug 1214797SUSE bug 1215489CVE-2023-20897 at SUSECVE-2023-20897 at NVDCVE-2023-20898 at SUSECVE-2023-20898 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for mdadm (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mdadm fixes the following issues:
- CVE-2023-28736: Fixed a buffer overflow (bsc#1214244).
- CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245).
ModerateSUSE bug 1214244SUSE bug 1214245CVE-2023-28736 at SUSECVE-2023-28736 at NVDCVE-2023-28938 at SUSECVE-2023-28938 at NVDcpe:/o:suse:sle-micro:5.4Security update for libeconf (Important)SUSE Linux Enterprise Micro 5.4
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
ImportantSUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Security fixes:
- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).
Other fixes:
- Update to version 9.0 with patch level 1894,
for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball;
add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources
ImportantSUSE bug 1214922SUSE bug 1214924SUSE bug 1214925SUSE bug 1215004SUSE bug 1215006SUSE bug 1215033CVE-2023-4733 at SUSECVE-2023-4733 at NVDCVE-2023-4734 at SUSECVE-2023-4734 at NVDCVE-2023-4735 at SUSECVE-2023-4735 at NVDCVE-2023-4738 at SUSECVE-2023-4738 at NVDCVE-2023-4752 at SUSECVE-2023-4752 at NVDCVE-2023-4781 at SUSECVE-2023-4781 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
ModerateSUSE bug 1215683SUSE bug 1215684SUSE bug 1215685CVE-2023-43785 at SUSECVE-2023-43785 at NVDCVE-2023-43786 at SUSECVE-2023-43786 at NVDCVE-2023-43787 at SUSECVE-2023-43787 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: hold rtnl lock during mtu update via netlink (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y gone with a82baa8083b
- config_printk_safe_log_buf_shift=13 gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/msm: update dev core dump to not print backwards (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: delete error messages for failed memory allocations (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix crash by keep old cfg when update tcs more than queues (git-fixes).
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1205462SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1212091SUSE bug 1212142SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y gone with a82baa8083b
- config_printk_safe_log_buf_shift=13 gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed hid patch into sorted section
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1205462SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1212091SUSE bug 1212142SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
ImportantSUSE bug 1215713CVE-2023-35945 at SUSECVE-2023-35945 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Important)SUSE Linux Enterprise Micro 5.4
This update for conmon fixes the following issues:
conmon was rebuilt using go1.21 (bsc#1215806)
ImportantSUSE bug 1215806cpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
ImportantSUSE bug 1215888SUSE bug 1215889CVE-2023-38545 at SUSECVE-2023-38545 at NVDCVE-2023-38546 at SUSECVE-2023-38546 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)
ImportantSUSE bug 1215744SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748CVE-2023-34323 at SUSECVE-2023-34323 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device
(bsc#1213925).
- CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that
could lead to use-after-free (bsc#1190011).
- CVE-2021-3638: Fixed a buffer overflow in the ati-vga device
(bsc#1188609).
- CVE-2023-3354: Fixed an issue when performing a TLS handshake that
could lead to remote denial of service via VNC connection
(bsc#1212850).
- CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device
that could lead to a stack overflow (bsc#1207205).
Non-security fixes:
- Fixed a potential build issue in the librm subcomponent
(bsc#1215311).
- Fixed a potential crash during VM migration (bsc#1213663).
- Fixed potential issues during installation on a Xen host
(bsc#1179993, bsc#1181740).
ImportantSUSE bug 1179993SUSE bug 1181740SUSE bug 1188609SUSE bug 1190011SUSE bug 1207205SUSE bug 1212850SUSE bug 1213663SUSE bug 1213925SUSE bug 1215311CVE-2021-3638 at SUSECVE-2021-3638 at NVDCVE-2021-3750 at SUSECVE-2021-3750 at NVDCVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-3180 at SUSECVE-2023-3180 at NVDCVE-2023-3354 at SUSECVE-2023-3354 at NVDcpe:/o:suse:sle-micro:5.4Security update for samba (Important)SUSE Linux Enterprise Micro 5.4
This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)
ImportantSUSE bug 1213940SUSE bug 1215904SUSE bug 1215905SUSE bug 1215908CVE-2023-4091 at SUSECVE-2023-4091 at NVDCVE-2023-4154 at SUSECVE-2023-4154 at NVDCVE-2023-42669 at SUSECVE-2023-42669 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1202845SUSE bug 1213808SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214988SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Important)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
ImportantSUSE bug 1215761SUSE bug 1215762CVE-2023-40660 at SUSECVE-2023-40660 at NVDCVE-2023-40661 at SUSECVE-2023-40661 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1202845SUSE bug 1213808SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214988SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968CVE-2023-43804 at SUSECVE-2023-43804 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
ImportantSUSE bug 1215286SUSE bug 1215891CVE-2023-4813 at SUSECVE-2023-4813 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.4Security update for suse-module-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for suse-module-tools fixes the following issues:
- Updated to version 15.4.18:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
ImportantSUSE bug 1205767SUSE bug 1210335CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
Other fixes:
- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)
ImportantSUSE bug 1201300SUSE bug 1215935SUSE bug 1215936CVE-2023-4692 at SUSECVE-2023-4692 at NVDCVE-2023-4693 at SUSECVE-2023-4693 at NVDcpe:/o:suse:sle-micro:5.4Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.4
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163)
- CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853)
ImportantSUSE bug 1213853SUSE bug 1216163CVE-2023-3817 at SUSECVE-2023-3817 at NVDCVE-2023-5363 at SUSECVE-2023-5363 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake 'unity' builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed 'old gex' build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
ImportantSUSE bug 1216123SUSE bug 1216174CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:suse:sle-micro:5.4Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.4
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:suse:sle-micro:5.4Security update for zchunk (Important)SUSE Linux Enterprise Micro 5.4
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
ImportantSUSE bug 1216268CVE-2023-46228 at SUSECVE-2023-46228 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
ImportantSUSE bug 1216432SUSE bug 1216433CVE-2023-34058 at SUSECVE-2023-34058 at NVDCVE-2023-34059 at SUSECVE-2023-34059 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- Fix metadata references
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
- Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- quota: Fix slow quotaoff (bsc#1216621).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
ImportantSUSE bug 1211307SUSE bug 1212423SUSE bug 1213772SUSE bug 1215955SUSE bug 1216062SUSE bug 1216512CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
kubevirt is rebuilt against the current GO security release.
- Set cache mode on hotplugged disks
- Delete VMI prior to NFS server pod in tests
Importantcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
ModerateSUSE bug 1212535SUSE bug 1212881SUSE bug 1212883SUSE bug 1212888SUSE bug 1213273SUSE bug 1213274SUSE bug 1213589SUSE bug 1213590SUSE bug 1214574CVE-2020-18768 at SUSECVE-2020-18768 at NVDCVE-2023-25433 at SUSECVE-2023-25433 at NVDCVE-2023-26966 at SUSECVE-2023-26966 at NVDCVE-2023-2908 at SUSECVE-2023-2908 at NVDCVE-2023-3316 at SUSECVE-2023-3316 at NVDCVE-2023-3576 at SUSECVE-2023-3576 at NVDCVE-2023-3618 at SUSECVE-2023-3618 at NVDCVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-38289 at SUSECVE-2023-38289 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
ImportantSUSE bug 1208788SUSE bug 1210778SUSE bug 1211307SUSE bug 1212423SUSE bug 1212649SUSE bug 1213705SUSE bug 1213772SUSE bug 1214842SUSE bug 1215095SUSE bug 1215104SUSE bug 1215518SUSE bug 1215955SUSE bug 1215956SUSE bug 1215957SUSE bug 1215986SUSE bug 1216062SUSE bug 1216345SUSE bug 1216510SUSE bug 1216511SUSE bug 1216512SUSE bug 1216621CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.4
This update for containerized-data-importer fixes the following issue:
- rebuild with current go compiler
Importantcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security issues fixed:
- CVE-2023-31022: Fixed NULL ptr deref in kernel module layer
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 535.129.03
Changes in nvidia-open-driver-G06-signed:
- Update to version 535.129.03
ModerateSUSE bug 1216826CVE-2023-31022 at SUSECVE-2023-31022 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1215145SUSE bug 1215474SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748SUSE bug 1216654SUSE bug 1216807CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDCVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
ModerateSUSE bug 1215947SUSE bug 1216419CVE-2023-38470 at SUSECVE-2023-38470 at NVDCVE-2023-38473 at SUSECVE-2023-38473 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-setuptools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3-setuptools fixes the following issues:
- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:suse:sle-micro:5.4Security update for fdo-client (Moderate)SUSE Linux Enterprise Micro 5.4
This update for fdo-client fixes the following issues:
- Removed build key via utils/keys_gen.sh. (bsc#1216293)
ModerateSUSE bug 1216293cpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)
ImportantSUSE bug 1215940SUSE bug 1216001SUSE bug 1216167SUSE bug 1216696CVE-2023-46246 at SUSECVE-2023-46246 at NVDCVE-2023-5344 at SUSECVE-2023-5344 at NVDCVE-2023-5441 at SUSECVE-2023-5441 at NVDCVE-2023-5535 at SUSECVE-2023-5535 at NVDcpe:/o:suse:sle-micro:5.4Security update for squashfs (Important)SUSE Linux Enterprise Micro 5.4
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:suse:sle-micro:5.4Security update for traceroute (Moderate)SUSE Linux Enterprise Micro 5.4
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
ModerateSUSE bug 1216591CVE-2023-46316 at SUSECVE-2023-46316 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
ModerateSUSE bug 1217653CVE-2023-45539 at SUSECVE-2023-45539 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
Bug fixes:
- The default /etc/ssl/openssl3.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/.
- Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472]
ImportantSUSE bug 1194187SUSE bug 1207472SUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
ModerateSUSE bug 1217573SUSE bug 1217574CVE-2023-46218 at SUSECVE-2023-46218 at NVDCVE-2023-46219 at SUSECVE-2023-46219 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:suse:sle-micro:5.4Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.4
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
ImportantSUSE bug 1216410SUSE bug 1217215cpe:/o:suse:sle-micro:5.4Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.4
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
This update rebuilds containerized-data-importer and its containers against updated
GO and updated base images.
Importantcpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
Kubevirt is rebuilt against updated dependencies to fix security issues.
Importantcpe:/o:suse:sle-micro:5.4Security update for catatonit, containerd, runc (Important)SUSE Linux Enterprise Micro 5.4
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
ImportantSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Disable Loongson drivers Loongson is a mips architecture, it does not make sense to build Loongson drivers on other architectures.
- Documentation: networking: correct possessive 'its' (bsc#1215458).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable]
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is built since SLE15-SP3 but it is not shipped as part of any SLE product, only in Leap (in kernel-*-optional).
- kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well.
- kernel-source: Move provides after sources
- kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)).
- kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1189998SUSE bug 1210447SUSE bug 1214286SUSE bug 1214976SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216584SUSE bug 1216693SUSE bug 1216759SUSE bug 1216761SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217124SUSE bug 1217140SUSE bug 1217195SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1210447SUSE bug 1214286SUSE bug 1214976SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216584SUSE bug 1216693SUSE bug 1216759SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217124SUSE bug 1217140SUSE bug 1217195SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-cryptography (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Important)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
ImportantSUSE bug 1199483SUSE bug 1210231SUSE bug 1211478SUSE bug 1212398SUSE bug 1214680CVE-2022-1622 at SUSECVE-2022-1622 at NVDCVE-2022-40090 at SUSECVE-2022-40090 at NVDCVE-2023-1916 at SUSECVE-2023-1916 at NVDCVE-2023-26965 at SUSECVE-2023-26965 at NVDCVE-2023-2731 at SUSECVE-2023-2731 at NVDcpe:/o:suse:sle-micro:5.4Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
ModerateSUSE bug 1201384SUSE bug 1218014CVE-2023-50495 at SUSECVE-2023-50495 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853).
ModerateSUSE bug 1216853CVE-2023-38472 at SUSECVE-2023-38472 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Important)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
ImportantSUSE bug 1214788SUSE bug 1217950CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker, rootlesskit (Important)SUSE Linux Enterprise Micro 5.4
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
ImportantSUSE bug 1170415SUSE bug 1170446SUSE bug 1178760SUSE bug 1210141SUSE bug 1213229SUSE bug 1213500SUSE bug 1215323SUSE bug 1217513CVE-2020-12912 at SUSECVE-2020-12912 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDcpe:/o:suse:sle-micro:5.4Security update for ppp (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ppp fixes the following issues:
- CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).
ModerateSUSE bug 1218251CVE-2022-4603 at SUSECVE-2022-4603 at NVDcpe:/o:suse:sle-micro:5.4Security update for jbigkit (Low)SUSE Linux Enterprise Micro 5.4
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
LowSUSE bug 1198146CVE-2022-1210 at SUSECVE-2022-1210 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
ModerateSUSE bug 1217277CVE-2023-5981 at SUSECVE-2023-5981 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)
ModerateSUSE bug 1204425SUSE bug 1208881CVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-cryptography (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023
Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021
Security issues fixed:
- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
ModerateSUSE bug 1205375SUSE bug 1206065CVE-2022-36109 at SUSECVE-2022-36109 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
ImportantSUSE bug 1203355SUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
- CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207).
ModerateSUSE bug 1180207SUSE bug 1185000CVE-2020-14394 at SUSECVE-2020-14394 at NVDCVE-2021-3507 at SUSECVE-2021-3507 at NVDcpe:/o:suse:sle-micro:5.4Security update for polkit (Moderate)SUSE Linux Enterprise Micro 5.4
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
ModerateSUSE bug 1209282cpe:/o:suse:sle-micro:5.4Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
ImportantSUSE bug 1220770SUSE bug 1220771CVE-2024-26458 at SUSECVE-2024-26458 at NVDCVE-2024-26461 at SUSECVE-2024-26461 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).
ModerateSUSE bug 1216594SUSE bug 1216598CVE-2023-38469 at SUSECVE-2023-38469 at NVDCVE-2023-38471 at SUSECVE-2023-38471 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).
ImportantSUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:sle-micro:5.4Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
The following non-security bug was fixed:
- Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap() (bsc#1221749).
ModerateSUSE bug 1221749SUSE bug 1221815CVE-2024-2494 at SUSECVE-2024-2494 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
ModerateSUSE bug 1221332SUSE bug 1221334CVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2024-2193 at SUSECVE-2024-2193 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
ImportantSUSE bug 1219559SUSE bug 1221289CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-28757 at SUSECVE-2024-28757 at NVDcpe:/o:suse:sle-micro:5.4Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
ModerateSUSE bug 1220061CVE-2023-45918 at SUSECVE-2023-45918 at NVDcpe:/o:suse:sle-micro:5.4Security update for c-ares (Moderate)SUSE Linux Enterprise Micro 5.4
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
ModerateSUSE bug 1220279CVE-2024-25629 at SUSECVE-2024-25629 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel? SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ModerateSUSE bug 1221323CVE-2023-22655 at SUSECVE-2023-22655 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-38575 at SUSECVE-2023-38575 at NVDCVE-2023-39368 at SUSECVE-2023-39368 at NVDCVE-2023-43490 at SUSECVE-2023-43490 at NVDcpe:/o:suse:sle-micro:5.4Security update for buildah (Important)SUSE Linux Enterprise Micro 5.4
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
ImportantSUSE bug 1219563SUSE bug 1220568SUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
ModerateSUSE bug 1221665SUSE bug 1221667CVE-2024-2004 at SUSECVE-2024-2004 at NVDCVE-2024-2398 at SUSECVE-2024-2398 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
ImportantSUSE bug 1221399CVE-2024-28182 at SUSECVE-2024-28182 at NVDcpe:/o:suse:sle-micro:5.4Security update for util-linux (Important)SUSE Linux Enterprise Micro 5.4
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
ImportantSUSE bug 1207987SUSE bug 1220117SUSE bug 1221831CVE-2024-28085 at SUSECVE-2024-28085 at NVDcpe:/o:suse:sle-micro:5.4Security update for less (Important)SUSE Linux Enterprise Micro 5.4
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
ImportantSUSE bug 1219901CVE-2022-48624 at SUSECVE-2022-48624 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.16.6 (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1221984SUSE bug 1222302SUSE bug 1222453CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31142 at SUSECVE-2024-31142 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)
Other fixes:
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread (bsc#1221242)
ModerateSUSE bug 1221242SUSE bug 1221746SUSE bug 1221747CVE-2024-28834 at SUSECVE-2024-28834 at NVDCVE-2024-28835 at SUSECVE-2024-28835 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Build in the correct KOTD repository with multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184) With multibuild setting repository flags is no longer supported for individual spec files - see https://github.com/openSUSE/open-build-service/issues/3574 Add ExclusiveArch conditional that depends on a macro set up by bs-upload-kernel instead. With that each package should build only in one repository - either standard or QA. Note: bs-upload-kernel does not interpret rpm conditionals, and only uses the first ExclusiveArch line to determine the architectures to enable.
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584, jsc#PED-3459).
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- libceph: use kernel_connect() (bsc#1217981).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1193285SUSE bug 1211162SUSE bug 1211226SUSE bug 1212584SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218139SUSE bug 1218184SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218447SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218659CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- group-source-files.pl: Quote filenames (boo#1221077).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
ImportantSUSE bug 1212514SUSE bug 1220237SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220411SUSE bug 1220413SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220790SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220885SUSE bug 1220898SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220932SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221048SUSE bug 1221055SUSE bug 1221058SUSE bug 1221077SUSE bug 1221276SUSE bug 1221551SUSE bug 1221553SUSE bug 1221725SUSE bug 1222073SUSE bug 1222619CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
ImportantSUSE bug 1200599SUSE bug 1209635SUSE bug 1212514SUSE bug 1213456SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220411SUSE bug 1220413SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220790SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220885SUSE bug 1220898SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220932SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221048SUSE bug 1221055SUSE bug 1221058SUSE bug 1221077SUSE bug 1221276SUSE bug 1221551SUSE bug 1221553SUSE bug 1221725SUSE bug 1222073SUSE bug 1222619CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
ModerateSUSE bug 1217000SUSE bug 1218475CVE-2024-22365 at SUSECVE-2024-22365 at NVDcpe:/o:suse:sle-micro:5.4Security update for shim (Important)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
ImportantSUSE bug 1198101SUSE bug 1205588SUSE bug 1205855SUSE bug 1210382SUSE bug 1213945SUSE bug 1215098SUSE bug 1215099SUSE bug 1215100SUSE bug 1215101SUSE bug 1215102SUSE bug 1215103SUSE bug 1219460CVE-2022-28737 at SUSECVE-2022-28737 at NVDCVE-2023-40546 at SUSECVE-2023-40546 at NVDCVE-2023-40547 at SUSECVE-2023-40547 at NVDCVE-2023-40548 at SUSECVE-2023-40548 at NVDCVE-2023-40549 at SUSECVE-2023-40549 at NVDCVE-2023-40550 at SUSECVE-2023-40550 at NVDCVE-2023-40551 at SUSECVE-2023-40551 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
ImportantSUSE bug 1222992CVE-2024-2961 at SUSECVE-2024-2961 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134)
- CVE-2024-3446: Fixed DM reentrancy issue that could lead to double free vulnerability (bsc#1222843)
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
ImportantSUSE bug 1213269SUSE bug 1218889SUSE bug 1220134SUSE bug 1222843SUSE bug 1222845CVE-2023-3019 at SUSECVE-2023-3019 at NVDCVE-2023-6683 at SUSECVE-2023-6683 at NVDCVE-2024-24474 at SUSECVE-2024-24474 at NVDCVE-2024-3446 at SUSECVE-2024-3446 at NVDCVE-2024-3447 at SUSECVE-2024-3447 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
ImportantSUSE bug 1211188SUSE bug 1211190SUSE bug 1218126SUSE bug 1218186SUSE bug 1218209CVE-2023-1667 at SUSECVE-2023-1667 at NVDCVE-2023-2283 at SUSECVE-2023-2283 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-6004 at SUSECVE-2023-6004 at NVDCVE-2023-6918 at SUSECVE-2023-6918 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
ModerateSUSE bug 1219386CVE-2023-5992 at SUSECVE-2023-5992 at NVDcpe:/o:suse:sle-micro:5.4Security update for cockpit-wicked (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cockpit-wicked fixes the following issues:
- CVE-2023-26364: Fixed denial of service due to improper input validation during CSS parsing (bsc#1217325)
Other fixes:
- Upgrade to version 4.5
ModerateSUSE bug 1217325CVE-2023-26364 at SUSECVE-2023-26364 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-idna (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:suse:sle-micro:5.4Security update for rpm (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
ModerateSUSE bug 1189495SUSE bug 1191175SUSE bug 1218686CVE-2021-3521 at SUSECVE-2021-3521 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459)
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- libceph: use kernel_connect() (bsc#1217981).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1193285SUSE bug 1211162SUSE bug 1211226SUSE bug 1212584SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218139SUSE bug 1218184SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218447SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218659CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.4Security update for sssd (Important)SUSE Linux Enterprise Micro 5.4
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
ImportantSUSE bug 1223100CVE-2023-3758 at SUSECVE-2023-3758 at NVDcpe:/o:suse:sle-micro:5.4Security update for less (Important)SUSE Linux Enterprise Micro 5.4
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
ImportantSUSE bug 1222849CVE-2024-32487 at SUSECVE-2024-32487 at NVDcpe:/o:suse:sle-micro:5.4Security update for tpm2-0-tss (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tpm2-0-tss fixes the following issues:
- CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690).
ModerateSUSE bug 1223690CVE-2024-29040 at SUSECVE-2024-29040 at NVDcpe:/o:suse:sle-micro:5.4Security update for tpm2.0-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tpm2.0-tools fixes the following issues:
- CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687).
- CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689).
ModerateSUSE bug 1223687SUSE bug 1223689CVE-2024-29038 at SUSECVE-2024-29038 at NVDCVE-2024-29039 at SUSECVE-2024-29039 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for google-cloud SDK (Moderate)SUSE Linux Enterprise Micro 5.4
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
ImportantSUSE bug 1192145SUSE bug 1209657SUSE bug 1215221SUSE bug 1216223SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220703SUSE bug 1220761SUSE bug 1220883SUSE bug 1221044SUSE bug 1221061SUSE bug 1221088SUSE bug 1221293SUSE bug 1221299SUSE bug 1221612SUSE bug 1221725SUSE bug 1221830SUSE bug 1222117SUSE bug 1222422SUSE bug 1222430SUSE bug 1222435SUSE bug 1222482SUSE bug 1222503SUSE bug 1222536SUSE bug 1222559SUSE bug 1222585SUSE bug 1222618SUSE bug 1222624SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222721SUSE bug 1222726SUSE bug 1222773SUSE bug 1222776SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1223016SUSE bug 1223187SUSE bug 1223380SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223479SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223522SUSE bug 1223523SUSE bug 1223705SUSE bug 1223824CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
ImportantSUSE bug 1190576SUSE bug 1192145SUSE bug 1192354SUSE bug 1192837SUSE bug 1193629SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1206881SUSE bug 1209657SUSE bug 1215221SUSE bug 1216223SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220703SUSE bug 1220761SUSE bug 1220883SUSE bug 1221044SUSE bug 1221061SUSE bug 1221088SUSE bug 1221293SUSE bug 1221299SUSE bug 1221612SUSE bug 1221830SUSE bug 1222117SUSE bug 1222422SUSE bug 1222430SUSE bug 1222435SUSE bug 1222482SUSE bug 1222503SUSE bug 1222536SUSE bug 1222559SUSE bug 1222585SUSE bug 1222618SUSE bug 1222624SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222671SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222721SUSE bug 1222726SUSE bug 1222773SUSE bug 1222776SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1223016SUSE bug 1223187SUSE bug 1223380SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223479SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223522SUSE bug 1223523SUSE bug 1223705SUSE bug 1223824CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.4Security update for cairo (Low)SUSE Linux Enterprise Micro 5.4
This update for cairo fixes the following issues:
- CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321).
LowSUSE bug 1122321CVE-2019-6462 at SUSECVE-2019-6462 at NVDcpe:/o:suse:sle-micro:5.4Security update for perl (Important)SUSE Linux Enterprise Micro 5.4
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
ImportantSUSE bug 1082216SUSE bug 1082233SUSE bug 1213638CVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel? Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel?
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel? Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ImportantSUSE bug 1224277CVE-2023-45733 at SUSECVE-2023-45733 at NVDCVE-2023-45745 at SUSECVE-2023-45745 at NVDCVE-2023-46103 at SUSECVE-2023-46103 at NVDCVE-2023-47855 at SUSECVE-2023-47855 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
ImportantSUSE bug 1221940SUSE bug 1223423SUSE bug 1223424SUSE bug 1223425CVE-2024-33599 at SUSECVE-2024-33599 at NVDCVE-2024-33600 at SUSECVE-2024-33600 at NVDCVE-2024-33601 at SUSECVE-2024-33601 at NVDCVE-2024-33602 at SUSECVE-2024-33602 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
ImportantSUSE bug 1224806CVE-2024-4453 at SUSECVE-2024-4453 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
- CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating (bsc#1224388).
ModerateSUSE bug 1222548SUSE bug 1224388CVE-2024-2511 at SUSECVE-2024-2511 at NVDCVE-2024-4603 at SUSECVE-2024-4603 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
ImportantSUSE bug 1223179SUSE bug 1225365CVE-2024-35235 at SUSECVE-2024-35235 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
ImportantSUSE bug 1223356CVE-2024-0090 at SUSECVE-2024-0090 at NVDCVE-2024-0091 at SUSECVE-2024-0091 at NVDCVE-2024-0092 at SUSECVE-2024-0092 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
The following non-security bugs were fixed:
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- supported.conf: support tcp_dctcp module (jsc#PED-8111)
ImportantSUSE bug 1065729SUSE bug 1174585SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1211592SUSE bug 1213863SUSE bug 1216702SUSE bug 1217169SUSE bug 1217515SUSE bug 1218447SUSE bug 1218917SUSE bug 1220492SUSE bug 1220783SUSE bug 1221044SUSE bug 1221645SUSE bug 1221958SUSE bug 1222011SUSE bug 1222619SUSE bug 1222721SUSE bug 1222976SUSE bug 1223057SUSE bug 1223084SUSE bug 1223111SUSE bug 1223138SUSE bug 1223191SUSE bug 1223384SUSE bug 1223390SUSE bug 1223481SUSE bug 1223501SUSE bug 1223512SUSE bug 1223520SUSE bug 1223532SUSE bug 1223626SUSE bug 1223715SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224085SUSE bug 1224099SUSE bug 1224137SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224488SUSE bug 1224494SUSE bug 1224511SUSE bug 1224592SUSE bug 1224611SUSE bug 1224664SUSE bug 1224678SUSE bug 1224682SUSE bug 1224685SUSE bug 1224730SUSE bug 1224736SUSE bug 1224763SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224931SUSE bug 1224932SUSE bug 1224937SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225044SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225482SUSE bug 1225483SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225508SUSE bug 1225510SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225595SUSE bug 1225599CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233)
ModerateSUSE bug 1212233CVE-2023-3164 at SUSECVE-2023-3164 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Important)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
ImportantSUSE bug 1218300SUSE bug 1218301CVE-2023-50229 at SUSECVE-2023-50229 at NVDCVE-2023-50230 at SUSECVE-2023-50230 at NVDcpe:/o:suse:sle-micro:5.4Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.4
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
ImportantSUSE bug 1195391SUSE bug 1219276SUSE bug 1223903CVE-2022-48622 at SUSECVE-2022-48622 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
ImportantSUSE bug 1224122SUSE bug 1226136CVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
ImportantSUSE bug 1221400SUSE bug 1224323CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.4Security update for libarchive (Important)SUSE Linux Enterprise Micro 5.4
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
ImportantSUSE bug 1225971CVE-2024-20696 at SUSECVE-2024-20696 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
The following non-security bugs were fixed:
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
ImportantSUSE bug 1065729SUSE bug 1174585SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1210335SUSE bug 1211592SUSE bug 1213863SUSE bug 1216702SUSE bug 1217169SUSE bug 1217515SUSE bug 1218447SUSE bug 1218917SUSE bug 1220492SUSE bug 1220783SUSE bug 1221044SUSE bug 1221645SUSE bug 1221958SUSE bug 1222011SUSE bug 1222559SUSE bug 1222619SUSE bug 1222721SUSE bug 1222976SUSE bug 1223057SUSE bug 1223084SUSE bug 1223111SUSE bug 1223138SUSE bug 1223191SUSE bug 1223384SUSE bug 1223390SUSE bug 1223481SUSE bug 1223501SUSE bug 1223505SUSE bug 1223512SUSE bug 1223520SUSE bug 1223532SUSE bug 1223626SUSE bug 1223715SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224085SUSE bug 1224099SUSE bug 1224137SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224488SUSE bug 1224494SUSE bug 1224511SUSE bug 1224592SUSE bug 1224611SUSE bug 1224664SUSE bug 1224678SUSE bug 1224682SUSE bug 1224685SUSE bug 1224730SUSE bug 1224736SUSE bug 1224763SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224931SUSE bug 1224932SUSE bug 1224937SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225044SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225508SUSE bug 1225510SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225595SUSE bug 1225599CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed a potential leak of sensitive information on
HTTP log file (bsc#1227052).
ModerateSUSE bug 1227052CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:suse:sle-micro:5.4Security update for libndp (Important)SUSE Linux Enterprise Micro 5.4
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
ImportantSUSE bug 1225771CVE-2024-5564 at SUSECVE-2024-5564 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
ImportantSUSE bug 1227186SUSE bug 1227187CVE-2024-37370 at SUSECVE-2024-37370 at NVDCVE-2024-37371 at SUSECVE-2024-37371 at NVDcpe:/o:suse:sle-micro:5.4Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
ModerateSUSE bug 1218571CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
The following non-security bugs were fixed:
- Revert 'build initrd without systemd' (bsc#1195775)
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- mkspec-dtb: add toplevel symlinks also on arm
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them.
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
ImportantSUSE bug 1195775SUSE bug 1216124SUSE bug 1218148SUSE bug 1219224SUSE bug 1220492SUSE bug 1222015SUSE bug 1222254SUSE bug 1222678SUSE bug 1224020SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1225098SUSE bug 1225467SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1226270SUSE bug 1226587SUSE bug 1226595SUSE bug 1226634SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226953SUSE bug 1226962CVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDcpe:/o:suse:sle-micro:5.4Security update for oniguruma (Moderate)SUSE Linux Enterprise Micro 5.4
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
ModerateSUSE bug 1141157CVE-2019-13225 at SUSECVE-2019-13225 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ImportantSUSE bug 1219559SUSE bug 1220664SUSE bug 1221563SUSE bug 1221854SUSE bug 1222075SUSE bug 1226447SUSE bug 1226448CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:suse:sle-micro:5.4Security update for cockpit (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cockpit fixes the following issues:
- CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). ModerateSUSE bug 1226040CVE-2024-6126 at SUSECVE-2024-6126 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
The following non-security bugs were fixed:
- Revert 'build initrd without systemd' (bsc#1195775)'
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
ImportantSUSE bug 1195775SUSE bug 1216124SUSE bug 1218148SUSE bug 1219224SUSE bug 1220492SUSE bug 1222015SUSE bug 1222254SUSE bug 1222678SUSE bug 1223384SUSE bug 1224020SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1225098SUSE bug 1225467SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1226270SUSE bug 1226587SUSE bug 1226595SUSE bug 1226634SUSE bug 1226758SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226953SUSE bug 1226962CVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-dnspython fixes the following issues:
- CVE-2023-29483: Fixed an issue that allowed remote attackers to
interfere with DNS name resolution (bsc#1222693).
ModerateSUSE bug 1222693CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Important)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
ImportantSUSE bug 916845CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.4Security update for gtk2 (Important)SUSE Linux Enterprise Micro 5.4
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.4Security update for gtk3 (Important)SUSE Linux Enterprise Micro 5.4
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:suse:sle-micro:5.4Security update for orc (Important)SUSE Linux Enterprise Micro 5.4
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
ModerateSUSE bug 1218851CVE-2023-46839 at SUSECVE-2023-46839 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added 'Provides: nss' so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
ModerateSUSE bug 1214980SUSE bug 1222804SUSE bug 1222807SUSE bug 1222811SUSE bug 1222813SUSE bug 1222814SUSE bug 1222821SUSE bug 1222822SUSE bug 1222826SUSE bug 1222828SUSE bug 1222830SUSE bug 1222833SUSE bug 1222834SUSE bug 1223724SUSE bug 1224113SUSE bug 1224115SUSE bug 1224116SUSE bug 1224118SUSE bug 1227918CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
ModerateSUSE bug 1228770CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.4Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.4
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ImportantSUSE bug 1220356SUSE bug 1227525cpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1209636SUSE bug 1213123SUSE bug 1215587SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1222728SUSE bug 1222809SUSE bug 1222810SUSE bug 1223635SUSE bug 1223863SUSE bug 1224495SUSE bug 1224671SUSE bug 1225573SUSE bug 1226168SUSE bug 1226226SUSE bug 1226519SUSE bug 1226537SUSE bug 1226539SUSE bug 1226550SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226580SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226614SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226650SUSE bug 1226653SUSE bug 1226662SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226705SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226762SUSE bug 1227090SUSE bug 1227383SUSE bug 1227487SUSE bug 1227549SUSE bug 1227716SUSE bug 1227750SUSE bug 1227764SUSE bug 1227808SUSE bug 1227810SUSE bug 1227823SUSE bug 1227829SUSE bug 1227836SUSE bug 1227917SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227948SUSE bug 1227949SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228114SUSE bug 1228247SUSE bug 1228328SUSE bug 1228561SUSE bug 1228644SUSE bug 1228680SUSE bug 1228743SUSE bug 1228801CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1209636SUSE bug 1213123SUSE bug 1215587SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1221044SUSE bug 1222011SUSE bug 1222728SUSE bug 1222809SUSE bug 1222810SUSE bug 1223635SUSE bug 1223863SUSE bug 1224488SUSE bug 1224495SUSE bug 1224671SUSE bug 1225573SUSE bug 1225829SUSE bug 1226168SUSE bug 1226226SUSE bug 1226519SUSE bug 1226537SUSE bug 1226539SUSE bug 1226550SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226580SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226614SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226650SUSE bug 1226653SUSE bug 1226662SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226705SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226758SUSE bug 1226762SUSE bug 1226785SUSE bug 1227090SUSE bug 1227383SUSE bug 1227487SUSE bug 1227549SUSE bug 1227716SUSE bug 1227750SUSE bug 1227764SUSE bug 1227808SUSE bug 1227810SUSE bug 1227823SUSE bug 1227829SUSE bug 1227836SUSE bug 1227917SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227948SUSE bug 1227949SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228114SUSE bug 1228247SUSE bug 1228328SUSE bug 1228440SUSE bug 1228561SUSE bug 1228644SUSE bug 1228680SUSE bug 1228743SUSE bug 1228801CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
ImportantSUSE bug 1229069CVE-2023-31315 at SUSECVE-2023-31315 at NVDcpe:/o:suse:sle-micro:5.4Security update for keepalived (Moderate)SUSE Linux Enterprise Micro 5.4
This update for keepalived fixes the following issues:
- CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)
ModerateSUSE bug 1228123CVE-2024-41184 at SUSECVE-2024-41184 at NVDcpe:/o:suse:sle-micro:5.4Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
ModerateSUSE bug 1218571SUSE bug 1219238CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.4
This update for python3-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
ModerateSUSE bug 1228535CVE-2024-7264 at SUSECVE-2024-7264 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ImportantSUSE bug 1229129CVE-2023-42667 at SUSECVE-2023-42667 at NVDCVE-2023-49141 at SUSECVE-2023-49141 at NVDCVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2024-24980 at SUSECVE-2024-24980 at NVDCVE-2024-25939 at SUSECVE-2024-25939 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
ModerateSUSE bug 1229465CVE-2024-6119 at SUSECVE-2024-6119 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)
ModerateSUSE bug 1228924CVE-2024-7006 at SUSECVE-2024-7006 at NVDcpe:/o:suse:sle-micro:5.4Security update for buildah, docker (Critical)SUSE Linux Enterprise Micro 5.4
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
CriticalSUSE bug 1214855SUSE bug 1219267SUSE bug 1219268SUSE bug 1219438SUSE bug 1221243SUSE bug 1221677SUSE bug 1221916SUSE bug 1223409SUSE bug 1224117SUSE bug 1228324CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.4Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for systemd fixes the following issues:
- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)
Other fixes:
- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
ModerateSUSE bug 1218297SUSE bug 1221479SUSE bug 1226414SUSE bug 1228091CVE-2023-7008 at SUSECVE-2023-7008 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpcap (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libpcap fixes the following issues:
- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
ModerateSUSE bug 1230020SUSE bug 1230034CVE-2023-7256 at SUSECVE-2023-7256 at NVDCVE-2024-8006 at SUSECVE-2024-8006 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
ModerateSUSE bug 1230093CVE-2024-8096 at SUSECVE-2024-8096 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
ModerateSUSE bug 1229930SUSE bug 1229931SUSE bug 1229932CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
ImportantSUSE bug 1200528SUSE bug 1217070SUSE bug 1228553CVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Low)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203360SUSE bug 1206006SUSE bug 1206258SUSE bug 1207158SUSE bug 1216834SUSE bug 1221326SUSE bug 1221645SUSE bug 1223191SUSE bug 1224105SUSE bug 1227832SUSE bug 1228020SUSE bug 1228466SUSE bug 1228516SUSE bug 1228576SUSE bug 1228718SUSE bug 1228801SUSE bug 1228959SUSE bug 1229042SUSE bug 1229292SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229522SUSE bug 1229526SUSE bug 1229528SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229554SUSE bug 1229557SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229581SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229617SUSE bug 1229619SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229664SUSE bug 1229707SUSE bug 1229792CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
ModerateSUSE bug 1230353CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
ModerateSUSE bug 1230400CVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
ImportantSUSE bug 1227322SUSE bug 1230363CVE-2024-4467 at SUSECVE-2024-4467 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-45003: Don't evict inode under the inode lru traversing context. (bsc#1230245)
The following non-security bugs were fixed:
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section'. (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage'. (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()'. (bsc#1230413)
ImportantSUSE bug 1230245SUSE bug 1230413CVE-2024-45003 at SUSECVE-2024-45003 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203360SUSE bug 1206006SUSE bug 1206258SUSE bug 1207158SUSE bug 1216834SUSE bug 1221326SUSE bug 1221645SUSE bug 1223191SUSE bug 1224105SUSE bug 1227832SUSE bug 1228020SUSE bug 1228114SUSE bug 1228466SUSE bug 1228489SUSE bug 1228516SUSE bug 1228576SUSE bug 1228718SUSE bug 1228801SUSE bug 1228959SUSE bug 1229042SUSE bug 1229292SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229522SUSE bug 1229526SUSE bug 1229528SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229554SUSE bug 1229557SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229581SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229617SUSE bug 1229619SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229664SUSE bug 1229707SUSE bug 1229792SUSE bug 1230245SUSE bug 1230413CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
ImportantSUSE bug 1222453SUSE bug 1227355SUSE bug 1228574SUSE bug 1228575SUSE bug 1230366CVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31143 at SUSECVE-2024-31143 at NVDCVE-2024-31145 at SUSECVE-2024-31145 at NVDCVE-2024-31146 at SUSECVE-2024-31146 at NVDCVE-2024-45817 at SUSECVE-2024-45817 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Low)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
LowSUSE bug 1217722SUSE bug 1230071SUSE bug 1230072SUSE bug 1230073SUSE bug 1230074SUSE bug 1230075SUSE bug 1230076SUSE bug 1230364CVE-2024-45615 at SUSECVE-2024-45615 at NVDCVE-2024-45616 at SUSECVE-2024-45616 at NVDCVE-2024-45617 at SUSECVE-2024-45617 at NVDCVE-2024-45618 at SUSECVE-2024-45618 at NVDCVE-2024-45619 at SUSECVE-2024-45619 at NVDCVE-2024-45620 at SUSECVE-2024-45620 at NVDCVE-2024-8443 at SUSECVE-2024-8443 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
ImportantSUSE bug 1227233SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780SUSE bug 1229596SUSE bug 1230227CVE-2024-5642 at SUSECVE-2024-5642 at NVDCVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-6923 at SUSECVE-2024-6923 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
ImportantSUSE bug 1230698CVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:suse:sle-micro:5.4Security update for Mesa (Moderate)SUSE Linux Enterprise Micro 5.4
This update for Mesa fixes the following issues:
- CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041).
- CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040).
- CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#CVE-2023-45922).
ModerateSUSE bug 1222040SUSE bug 1222041SUSE bug 1222042CVE-2023-45913 at SUSECVE-2023-45913 at NVDCVE-2023-45919 at SUSECVE-2023-45919 at NVDCVE-2023-45922 at SUSECVE-2023-45922 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
ImportantSUSE bug 1216223SUSE bug 1223600SUSE bug 1223958SUSE bug 1225272SUSE bug 1227487SUSE bug 1228466SUSE bug 1229407SUSE bug 1229633SUSE bug 1229662SUSE bug 1229947SUSE bug 1230015SUSE bug 1230398SUSE bug 1230434SUSE bug 1230507SUSE bug 1230767SUSE bug 1231016CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
ImportantSUSE bug 1216223SUSE bug 1223600SUSE bug 1223958SUSE bug 1225272SUSE bug 1227487SUSE bug 1229407SUSE bug 1229633SUSE bug 1229662SUSE bug 1229947SUSE bug 1230015SUSE bug 1230398SUSE bug 1230434SUSE bug 1230507SUSE bug 1230767SUSE bug 1231016CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Important)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
ImportantSUSE bug 1230778CVE-2024-7254 at SUSECVE-2024-7254 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
- CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)
ImportantSUSE bug 1220262SUSE bug 1230698CVE-2023-50782 at SUSECVE-2023-50782 at NVDCVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
ModerateSUSE bug 1220262CVE-2023-50782 at SUSECVE-2023-50782 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
ModerateSUSE bug 1232528CVE-2024-9681 at SUSECVE-2024-9681 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
ModerateSUSE bug 1232579CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ImportantSUSE bug 1233313CVE-2024-21820 at SUSECVE-2024-21820 at NVDCVE-2024-21853 at SUSECVE-2024-21853 at NVDCVE-2024-23918 at SUSECVE-2024-23918 at NVDCVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
ImportantSUSE bug 1233282CVE-2024-52533 at SUSECVE-2024-52533 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
ImportantSUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216223SUSE bug 1216813SUSE bug 1218562SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226666SUSE bug 1228743SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1230429SUSE bug 1230442SUSE bug 1230454SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230903SUSE bug 1231016SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231929SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231972SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1232001SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232097SUSE bug 1232108SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232133SUSE bug 1232136SUSE bug 1232145SUSE bug 1232150SUSE bug 1232163SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232229SUSE bug 1232237SUSE bug 1232260SUSE bug 1232262SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232519CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622).
- CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624).
Bug fixes:
- Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542).
ImportantSUSE bug 1232542SUSE bug 1232622SUSE bug 1232624CVE-2024-45818 at SUSECVE-2024-45818 at NVDCVE-2024-45819 at SUSECVE-2024-45819 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
ImportantSUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216223SUSE bug 1216813SUSE bug 1218562SUSE bug 1220382SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226666SUSE bug 1228743SUSE bug 1229345SUSE bug 1229452SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1230429SUSE bug 1230442SUSE bug 1230454SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230903SUSE bug 1231016SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231929SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231972SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1232001SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232097SUSE bug 1232108SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232133SUSE bug 1232136SUSE bug 1232145SUSE bug 1232150SUSE bug 1232163SUSE bug 1232165SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232224SUSE bug 1232229SUSE bug 1232237SUSE bug 1232260SUSE bug 1232262SUSE bug 1232281SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232436SUSE bug 1232519SUSE bug 1233117CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Low)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
LowSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.4Security update for socat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
ModerateSUSE bug 1225462CVE-2024-54661 at SUSECVE-2024-54661 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007)
- CVE-2024-8354: Fixed assertion failure in usb_ep_get() in usb (bsc#1230834)
- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915)
ImportantSUSE bug 1229007SUSE bug 1230834SUSE bug 1230915CVE-2024-7409 at SUSECVE-2024-7409 at NVDCVE-2024-8354 at SUSECVE-2024-8354 at NVDCVE-2024-8612 at SUSECVE-2024-8612 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- initramfs: avoid filename buffer overrun (bsc#1232436).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
ImportantSUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1222590SUSE bug 1229345SUSE bug 1229808SUSE bug 1230220SUSE bug 1231646SUSE bug 1232165SUSE bug 1232187SUSE bug 1232224SUSE bug 1232312SUSE bug 1232436SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233117SUSE bug 1233214SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233463SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557SUSE bug 1233561SUSE bug 1233977CVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
ImportantSUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1222590SUSE bug 1229808SUSE bug 1230220SUSE bug 1231646SUSE bug 1232187SUSE bug 1232312SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233214SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233463SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557SUSE bug 1233561SUSE bug 1233977CVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
ImportantSUSE bug 1233285SUSE bug 1233287SUSE bug 1233292CVE-2024-52530 at SUSECVE-2024-52530 at NVDCVE-2024-52531 at SUSECVE-2024-52531 at NVDCVE-2024-52532 at SUSECVE-2024-52532 at NVDcpe:/o:suse:sle-micro:5.4Security update for installation-images (Important)SUSE Linux Enterprise Micro 5.4
This update updates installation-images and tftpboot images to contain the latest shim for secure boot.
ImportantSUSE bug 1233813cpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
ModerateSUSE bug 1234068CVE-2024-11053 at SUSECVE-2024-11053 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Important)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path. ImportantSUSE bug 1217070SUSE bug 1228324SUSE bug 1228553SUSE bug 1229806SUSE bug 1230294SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348SUSE bug 1232999SUSE bug 1233819CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
Other fixes:
- no longer supply bogus services to callbacks (bsc#1226586).
ModerateSUSE bug 1226586SUSE bug 1233420CVE-2024-52616 at SUSECVE-2024-52616 at NVDcpe:/o:suse:sle-micro:5.4Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.4
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
ImportantSUSE bug 1219123SUSE bug 1219189cpe:/o:suse:sle-micro:5.4Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.4
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460SUSE bug 1215427SUSE bug 1216664CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kernel-source: Fix description typo
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
ImportantSUSE bug 1108281SUSE bug 1177529SUSE bug 1209834SUSE bug 1212091SUSE bug 1215885SUSE bug 1216016SUSE bug 1216702SUSE bug 1217217SUSE bug 1217670SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218689SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218929SUSE bug 1218930SUSE bug 1218968SUSE bug 1219053SUSE bug 1219120SUSE bug 1219128SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
ImportantSUSE bug 1193948SUSE bug 1211649SUSE bug 1215963SUSE bug 1216284SUSE bug 1219430SUSE bug 1219431CVE-2024-22231 at SUSECVE-2024-22231 at NVDCVE-2024-22232 at SUSECVE-2024-22232 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
ImportantSUSE bug 1108281SUSE bug 1177529SUSE bug 1209834SUSE bug 1212091SUSE bug 1215275SUSE bug 1215885SUSE bug 1216016SUSE bug 1216702SUSE bug 1217217SUSE bug 1217670SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218689SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218929SUSE bug 1218930SUSE bug 1218968SUSE bug 1219053SUSE bug 1219120SUSE bug 1219128SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-6129: Fixed vector register clobbering on PowerPC. (bsc#1218690)
- CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. (bsc#1218810)
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1218690SUSE bug 1218810SUSE bug 1219243CVE-2023-6129 at SUSECVE-2023-6129 at NVDCVE-2023-6237 at SUSECVE-2023-6237 at NVDCVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
ImportantSUSE bug 1218971CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.4Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declatations silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert 'Revert '[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)' (#30991)'. (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport 'Include ADS stream error in XDS error updates
(#29014)' to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
* Backport 'do not use <PublicSign>true</PublicSign> on
non-windows' to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT'
(gh#grpc/grpc#24782).
- Add support for 'unix-abstract:' URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert 'Revert 'Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS''
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size if larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in 'target uri is not valid' error
messages (gh#grpc/grpc#23782).
- Fix 'cannot send compressed message large than 1024B' in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert 'Start 0.3.0 development cycle (#167)' (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split('/')
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip 'src' from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10::
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private 'parsing
constructor' to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the
- Ruby GC. In certain tests this leads to much lower memory
usage due to more
- frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible
- without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian
- systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of
- putting such values in unknown fields.
- Java:
- Revert 'Standardize on Array copyOf' (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the
- subfield. (previously it was replaced.)’
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated codes are simplified. Descriptors
and message classes' definitions are now dynamic created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add 'ensure_ascii' parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to
- guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains
- more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually *struct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing
- shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on 'new' buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include '|null'. (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support '\u' escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for '==' to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked 'explicit'
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named 'async' or 'await'.
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the 'optional' field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an 'optional' label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call 'Class#new' over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of mesaages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka 'cpp api v2') that
replaces the old ('cpp api v1') one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh reqires it
python-abseil was udpated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser paramteter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fails fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
cartesian product of parameters values, specified as a
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcuio was updated:
- Update to version 1.60.0:
* No python specfic changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert 'Fix prefork handler register's default behavior'
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package 'xds_protos'
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as an dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
ModerateSUSE bug 1133277SUSE bug 1182659SUSE bug 1203378SUSE bug 1208794SUSE bug 1212180SUSE bug 1212182SUSE bug 1214148SUSE bug 1215334CVE-2023-32731 at SUSECVE-2023-32731 at NVDCVE-2023-32732 at SUSECVE-2023-32732 at NVDCVE-2023-33953 at SUSECVE-2023-33953 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-4785 at SUSECVE-2023-4785 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
ModerateSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Important)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
ImportantSUSE bug 1219267SUSE bug 1219268SUSE bug 1219438CVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213).
ModerateSUSE bug 1219213CVE-2023-52356 at SUSECVE-2023-52356 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Important)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
ImportantSUSE bug 1218215CVE-2023-51385 at SUSECVE-2023-51385 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
ImportantSUSE bug 1216198CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
ModerateSUSE bug 1218127CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ImportantSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
ModerateSUSE bug 1218862SUSE bug 1218865CVE-2024-0553 at SUSECVE-2024-0553 at NVDCVE-2024-0567 at SUSECVE-2024-0567 at NVDcpe:/o:suse:sle-micro:5.4Security update for tar (Low)SUSE Linux Enterprise Micro 5.4
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
LowSUSE bug 1217969CVE-2023-39804 at SUSECVE-2023-39804 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: A unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
* this makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
ImportantSUSE bug 1220552CVE-2022-42265 at SUSECVE-2022-42265 at NVDCVE-2024-0074 at SUSECVE-2024-0074 at NVDCVE-2024-0075 at SUSECVE-2024-0075 at NVDcpe:/o:suse:sle-micro:5.4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.4
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
ImportantSUSE bug 1219975CVE-2023-52160 at SUSECVE-2023-52160 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
ModerateSUSE bug 1217445SUSE bug 1217589SUSE bug 1218866cpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).
Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
ImportantSUSE bug 1215005SUSE bug 1217316SUSE bug 1217320SUSE bug 1217321SUSE bug 1217324SUSE bug 1217326SUSE bug 1217329SUSE bug 1217330SUSE bug 1217432SUSE bug 1219581CVE-2023-4750 at SUSECVE-2023-4750 at NVDCVE-2023-48231 at SUSECVE-2023-48231 at NVDCVE-2023-48232 at SUSECVE-2023-48232 at NVDCVE-2023-48233 at SUSECVE-2023-48233 at NVDCVE-2023-48234 at SUSECVE-2023-48234 at NVDCVE-2023-48235 at SUSECVE-2023-48235 at NVDCVE-2023-48236 at SUSECVE-2023-48236 at NVDCVE-2023-48237 at SUSECVE-2023-48237 at NVDCVE-2023-48706 at SUSECVE-2023-48706 at NVDCVE-2024-22667 at SUSECVE-2024-22667 at NVDcpe:/o:suse:sle-micro:5.4Security update for sudo (Important)SUSE Linux Enterprise Micro 5.4
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
ImportantSUSE bug 1221134SUSE bug 1221151CVE-2023-42465 at SUSECVE-2023-42465 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
The following non-security bugs were fixed:
- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1211515SUSE bug 1213456SUSE bug 1214064SUSE bug 1218195SUSE bug 1218216SUSE bug 1218562SUSE bug 1218915SUSE bug 1219073SUSE bug 1219126SUSE bug 1219127SUSE bug 1219146SUSE bug 1219295SUSE bug 1219633SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220350SUSE bug 1220364SUSE bug 1220398SUSE bug 1220409SUSE bug 1220433SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220469SUSE bug 1220649SUSE bug 1220735SUSE bug 1220736SUSE bug 1220796SUSE bug 1220797SUSE bug 1220825SUSE bug 1220845SUSE bug 1220917SUSE bug 1220930SUSE bug 1220931SUSE bug 1220933CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
ImportantSUSE bug 1214691SUSE bug 1219666CVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
ModerateSUSE bug 1219885CVE-2023-46841 at SUSECVE-2023-46841 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following non-security bugs were fixed:
- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent
lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpretedd
ModerateSUSE bug 1144060SUSE bug 1176006SUSE bug 1188307SUSE bug 1203823SUSE bug 1205502SUSE bug 1206627SUSE bug 1210507SUSE bug 1213189CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
ModerateSUSE bug 1213590SUSE bug 1214686SUSE bug 1214687SUSE bug 1221187CVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-40745 at SUSECVE-2023-40745 at NVDCVE-2023-41175 at SUSECVE-2023-41175 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- drop 2 git-fixes patches which are suspicious to introduce regression reported in bsc#1219073
- fix unresolved hunks in readme.branch
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- readme.branch: use correct mail for roy
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add the removed mds_user_clear symbol to kabi severities as it is exposed just for kvm module and is generally a core kernel component so removing it is low risk.
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1211515SUSE bug 1213456SUSE bug 1214064SUSE bug 1218195SUSE bug 1218216SUSE bug 1218562SUSE bug 1218915SUSE bug 1219073SUSE bug 1219126SUSE bug 1219127SUSE bug 1219146SUSE bug 1219295SUSE bug 1219633SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220350SUSE bug 1220364SUSE bug 1220398SUSE bug 1220409SUSE bug 1220433SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220469SUSE bug 1220649SUSE bug 1220735SUSE bug 1220736SUSE bug 1220796SUSE bug 1220797SUSE bug 1220825SUSE bug 1220845SUSE bug 1220917SUSE bug 1220930SUSE bug 1220931SUSE bug 1220933CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
ModerateSUSE bug 1238879CVE-2025-27516 at SUSECVE-2025-27516 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1206048SUSE bug 1206049SUSE bug 1207593SUSE bug 1207640SUSE bug 1210050SUSE bug 1211263SUSE bug 1217339SUSE bug 1228483SUSE bug 1228708SUSE bug 1228779SUSE bug 1228966SUSE bug 1237521SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237807SUSE bug 1237808SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237817SUSE bug 1237818SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237939SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238006SUSE bug 1238007SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238030SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238115SUSE bug 1238116SUSE bug 1238120SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238343SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238400SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238423SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238446SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238543SUSE bug 1238545SUSE bug 1238546SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238804SUSE bug 1238805SUSE bug 1238808SUSE bug 1238809SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238821SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238916SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238943SUSE bug 1238945SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115CVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
ImportantSUSE bug 1239330CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Low)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
LowSUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker, docker-stable (Important)SUSE Linux Enterprise Micro 5.4
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
ImportantSUSE bug 1237367SUSE bug 1239185SUSE bug 1239322CVE-2024-23650 at SUSECVE-2024-23650 at NVDCVE-2024-29018 at SUSECVE-2024-29018 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDCVE-2025-22868 at SUSECVE-2025-22868 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.4
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
ImportantSUSE bug 1238591SUSE bug 1239625SUSE bug 1239637CVE-2023-40403 at SUSECVE-2023-40403 at NVDCVE-2024-55549 at SUSECVE-2024-55549 at NVDCVE-2025-24855 at SUSECVE-2025-24855 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
- CVE-2025-21839: kABI: Fix kABI after backport od CVE-2025-21839 (bsc#1239061).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197227SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1206048SUSE bug 1206049SUSE bug 1207034SUSE bug 1207186SUSE bug 1207593SUSE bug 1207640SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1210050SUSE bug 1210647SUSE bug 1211263SUSE bug 1213167SUSE bug 1217339SUSE bug 1225742SUSE bug 1228483SUSE bug 1228708SUSE bug 1228779SUSE bug 1228966SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1233558SUSE bug 1234464SUSE bug 1235528SUSE bug 1237029SUSE bug 1237521SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237807SUSE bug 1237808SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237817SUSE bug 1237818SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237875SUSE bug 1237877SUSE bug 1237890SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237918SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237939SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238006SUSE bug 1238007SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238030SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238115SUSE bug 1238116SUSE bug 1238120SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238343SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238400SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238423SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238446SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238543SUSE bug 1238545SUSE bug 1238546SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238804SUSE bug 1238805SUSE bug 1238808SUSE bug 1238809SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238821SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238911SUSE bug 1238916SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238943SUSE bug 1238945SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239016SUSE bug 1239035SUSE bug 1239036SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239061SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240195SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2024-58083 at SUSECVE-2024-58083 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21714 at SUSECVE-2025-21714 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21732 at SUSECVE-2025-21732 at NVDCVE-2025-21753 at SUSECVE-2025-21753 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDcpe:/o:suse:sle-micro:5.4Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.4
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
ModerateSUSE bug 1234452cpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
ImportantSUSE bug 1193629SUSE bug 1197227SUSE bug 1207034SUSE bug 1207186SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1210647SUSE bug 1213167SUSE bug 1225742SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1233558SUSE bug 1234464SUSE bug 1235528SUSE bug 1237029SUSE bug 1237530SUSE bug 1237875SUSE bug 1237877SUSE bug 1237890SUSE bug 1237918SUSE bug 1238911SUSE bug 1238919SUSE bug 1239016SUSE bug 1239036SUSE bug 1239061SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240195SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-58083 at SUSECVE-2024-58083 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21714 at SUSECVE-2025-21714 at NVDCVE-2025-21732 at SUSECVE-2025-21732 at NVDCVE-2025-21753 at SUSECVE-2025-21753 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
ImportantSUSE bug 1239618CVE-2024-8176 at SUSECVE-2024-8176 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
ModerateSUSE bug 1232234CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2025-32464: Fixed heap-based buffer overflow in sample_conv_regsub. (bsc#1240971)
ModerateSUSE bug 1240971CVE-2025-32464 at SUSECVE-2025-32464 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
ModerateSUSE bug 1239749CVE-2024-40635 at SUSECVE-2024-40635 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozjs60 fixes the following issues:
- CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837).
ModerateSUSE bug 1234837CVE-2024-56431 at SUSECVE-2024-56431 at NVDcpe:/o:suse:sle-micro:5.4Security update for cifs-utils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cifs-utils fixes the following issues:
- CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
ModerateSUSE bug 1239680CVE-2025-2312 at SUSECVE-2025-2312 at NVDcpe:/o:suse:sle-micro:5.4Security update for augeas (Low)SUSE Linux Enterprise Micro 5.4
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
LowSUSE bug 1239909CVE-2025-2588 at SUSECVE-2025-2588 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
ModerateSUSE bug 1241453SUSE bug 1241551CVE-2025-32414 at SUSECVE-2025-32414 at NVDCVE-2025-32415 at SUSECVE-2025-32415 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
ModerateSUSE bug 1241020SUSE bug 1241078SUSE bug 1241189CVE-2025-29087 at SUSECVE-2025-29087 at NVDCVE-2025-29088 at SUSECVE-2025-29088 at NVDCVE-2025-3277 at SUSECVE-2025-3277 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing conten (bsc#1240750)
- CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
- CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
- CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
- CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
- CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
- CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
- CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)
ImportantSUSE bug 1240750SUSE bug 1240752SUSE bug 1240756SUSE bug 1240757SUSE bug 1241164SUSE bug 1241222SUSE bug 1241686SUSE bug 1241688CVE-2025-2784 at SUSECVE-2025-2784 at NVDCVE-2025-32050 at SUSECVE-2025-32050 at NVDCVE-2025-32052 at SUSECVE-2025-32052 at NVDCVE-2025-32053 at SUSECVE-2025-32053 at NVDCVE-2025-32907 at SUSECVE-2025-32907 at NVDCVE-2025-32914 at SUSECVE-2025-32914 at NVDCVE-2025-46420 at SUSECVE-2025-46420 at NVDCVE-2025-46421 at SUSECVE-2025-46421 at NVDcpe:/o:suse:sle-micro:5.4Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.4
This update for apparmor fixes the following issues:
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM. (bsc#1241678)
ModerateSUSE bug 1241678CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
The following non-security bugs were fixed:
- scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).
ImportantSUSE bug 1201855SUSE bug 1230771SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239968SUSE bug 1240188SUSE bug 1240195SUSE bug 1240553SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241378SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21886 at SUSECVE-2025-21886 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22029 at SUSECVE-2025-22029 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- Security issues fixed:
* CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012)
- Other bugs fixed:
* Allow KEX hashes greater than 256 bits (bsc#1241045)
* Fixed hostname being left out of the audit output (bsc#1228634)
* Fixed failures with very large MOTDs (bsc#1232533)
ModerateSUSE bug 1228634SUSE bug 1232533SUSE bug 1241012SUSE bug 1241045CVE-2025-32728 at SUSECVE-2025-32728 at NVDcpe:/o:suse:sle-micro:5.4Security update for brltty (Moderate)SUSE Linux Enterprise Micro 5.4
This update for brltty fixes the following issues:
- Avoid having brlapi.key temporarily world-readable during creation (bsc#1235438).
ModerateSUSE bug 1235438cpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
ModerateSUSE bug 1240897CVE-2025-3360 at SUSECVE-2025-3360 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
The following non-security bugs were fixed:
- scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).
ImportantSUSE bug 1201855SUSE bug 1230771SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239968SUSE bug 1240188SUSE bug 1240195SUSE bug 1240553SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21886 at SUSECVE-2025-21886 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDcpe:/o:suse:sle-micro:5.4Security update for s390-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for s390-tools rebuilds the existing package with the new 4k RSA secure boot key.
Security issues fixed:
- CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. (bsc#1242622)
Other issues:
- Added the new IBM z17 (9175) processor type
ModerateSUSE bug 1242622CVE-2025-3416 at SUSECVE-2025-3416 at NVDcpe:/o:suse:sle-micro:5.4Security update for rsync (Important)SUSE Linux Enterprise Micro 5.4
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)
ImportantSUSE bug 1234101SUSE bug 1234102SUSE bug 1234103SUSE bug 1234104SUSE bug 1235475SUSE bug 1235895CVE-2024-12085 at SUSECVE-2024-12085 at NVDCVE-2024-12086 at SUSECVE-2024-12086 at NVDCVE-2024-12087 at SUSECVE-2024-12087 at NVDCVE-2024-12088 at SUSECVE-2024-12088 at NVDCVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20250512 release (bsc#1243123)
- CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
- Updates for functional issues.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2)
| ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2)
| GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6
| LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3
| EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5
| GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3
| MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores
| TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile
| TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile
ModerateSUSE bug 1243123CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-43420 at SUSECVE-2024-43420 at NVDCVE-2024-45332 at SUSECVE-2024-45332 at NVDCVE-2025-20012 at SUSECVE-2025-20012 at NVDCVE-2025-20054 at SUSECVE-2025-20054 at NVDCVE-2025-20103 at SUSECVE-2025-20103 at NVDCVE-2025-20623 at SUSECVE-2025-20623 at NVDCVE-2025-24495 at SUSECVE-2025-24495 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
Update to 12.5.2:
Security fixes:
- CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)
Other fixes:
- Fixed GCC 15 compile time error (bsc#1241938)
- Fixed building with containerd 1.7.25+ (bsc#1237147)
- Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180)
Full changelog:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog
ModerateSUSE bug 1237147SUSE bug 1237180SUSE bug 1241938SUSE bug 1243106CVE-2025-22247 at SUSECVE-2025-22247 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issues:
- CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service
(bsc#1243268).
ImportantSUSE bug 1243268CVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.4Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for iputils fixes the following issues:
Security fixes:
- CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300).
Other bug fixes:
- Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284).
ModerateSUSE bug 1242300SUSE bug 1243284CVE-2025-47268 at SUSECVE-2025-47268 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Other issues fixed:
- Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait`
as a consequence of a bug related to stealing of signals (bsc#1234128).
ImportantSUSE bug 1234128SUSE bug 1243317CVE-2025-4802 at SUSECVE-2025-4802 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.4
This update for python3-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
ImportantSUSE bug 1243313CVE-2025-47273 at SUSECVE-2025-47273 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332)
- CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423)
- CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263)
- CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
- CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
- CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params'. (bsc#1241238)
- CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
- CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162)
ImportantSUSE bug 1241162SUSE bug 1241214SUSE bug 1241226SUSE bug 1241238SUSE bug 1241252SUSE bug 1241263SUSE bug 1243332SUSE bug 1243423CVE-2025-32906 at SUSECVE-2025-32906 at NVDCVE-2025-32909 at SUSECVE-2025-32909 at NVDCVE-2025-32910 at SUSECVE-2025-32910 at NVDCVE-2025-32911 at SUSECVE-2025-32911 at NVDCVE-2025-32912 at SUSECVE-2025-32912 at NVDCVE-2025-32913 at SUSECVE-2025-32913 at NVDCVE-2025-4948 at SUSECVE-2025-4948 at NVDCVE-2025-4969 at SUSECVE-2025-4969 at NVDcpe:/o:suse:sle-micro:5.4Security update for sysstat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sysstat fixes the following issues:
- CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
- CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)
ModerateSUSE bug 1202473SUSE bug 1205224SUSE bug 1211507CVE-2022-39377 at SUSECVE-2022-39377 at NVDCVE-2023-33204 at SUSECVE-2023-33204 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- Refresh fixes for cBPF issue (bsc#1242778)
- Remove debug flavor (bsc#1243919)
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1240177SUSE bug 1240802SUSE bug 1241525SUSE bug 1241526SUSE bug 1241640SUSE bug 1241648SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242284SUSE bug 1242285SUSE bug 1242289SUSE bug 1242294SUSE bug 1242305SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242402SUSE bug 1242403SUSE bug 1242409SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242493SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242749SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243649SUSE bug 1243660SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21888 at SUSECVE-2025-21888 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-22060 at SUSECVE-2025-22060 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixed netrc credential leak (bsc#1244039).
ModerateSUSE bug 1244039CVE-2024-47081 at SUSECVE-2024-47081 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam_u2f (Important)SUSE Linux Enterprise Micro 5.4
This update for pam_u2f fixes the following issues:
- CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)
ImportantSUSE bug 1233517SUSE bug 1235961CVE-2025-23013 at SUSECVE-2025-23013 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Important)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
ImportantSUSE bug 1243226SUSE bug 1244509CVE-2025-6018 at SUSECVE-2025-6018 at NVDCVE-2025-6020 at SUSECVE-2025-6020 at NVDcpe:/o:suse:sle-micro:5.4Security update for screen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for screen fixes the following issues:
Security issues fixed:
- CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session
allows for TTY hijacking (bsc#1242269).
Other issues fixed:
- Use TTY file descriptor passing after a suspend (`MSG_CONT`).
- Fix resume after suspend in multi-user mode.
ModerateSUSE bug 1242269CVE-2025-46802 at SUSECVE-2025-46802 at NVDcpe:/o:suse:sle-micro:5.4Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
ModerateSUSE bug 1244079CVE-2025-40909 at SUSECVE-2025-40909 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358)
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
ImportantSUSE bug 1170891SUSE bug 1173139SUSE bug 1185010SUSE bug 1190358SUSE bug 1190428SUSE bug 1209798SUSE bug 1215304SUSE bug 1222878SUSE bug 1228466SUSE bug 1230697SUSE bug 1232436SUSE bug 1233070SUSE bug 1233642SUSE bug 1234281SUSE bug 1234282SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1235004SUSE bug 1235035SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam_pkcs11 (Important)SUSE Linux Enterprise Micro 5.4
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.4Security update for ignition (Important)SUSE Linux Enterprise Micro 5.4
This update for ignition fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192).
ImportantSUSE bug 1239192CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:sle-micro:5.4Security update for libblockdev (Important)SUSE Linux Enterprise Micro 5.4
This update for libblockdev fixes the following issues:
- CVE-2025-6019: Suppress privilege escalation during xfs fs resize (bsc#1243285).
ImportantSUSE bug 1243285CVE-2025-6019 at SUSECVE-2025-6019 at NVDcpe:/o:suse:sle-micro:5.4Security update for icu (Important)SUSE Linux Enterprise Micro 5.4
This update for icu fixes the following issues:
- CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721).
ImportantSUSE bug 1161007SUSE bug 1167603SUSE bug 1193951SUSE bug 1243721CVE-2020-21913 at SUSECVE-2020-21913 at NVDCVE-2025-5222 at SUSECVE-2025-5222 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam-config (Important)SUSE Linux Enterprise Micro 5.4
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- Added patch to remove using rw as a default mount option (bsc#1239776)
ModerateSUSE bug 1239776CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.4Security update for sudo (Important)SUSE Linux Enterprise Micro 5.4
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
ImportantSUSE bug 1245274CVE-2025-32462 at SUSECVE-2025-32462 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Low)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
ModerateSUSE bug 1228776SUSE bug 1239602CVE-2024-41965 at SUSECVE-2024-41965 at NVDCVE-2025-29768 at SUSECVE-2025-29768 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49858: octeontx2-pf: Fix SQE threshold checking (bsc#1242589).
- CVE-2023-53058: net/mlx5: E-Switch, Fix an Oops in error handling code (bsc#1242237).
- CVE-2023-53060: igb: revert rtnl_lock() that causes deadlock (bsc#1242241).
- CVE-2023-53064: iavf: Fix hang on reboot with ice (bsc#1242222).
- CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
- CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
- CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
- CVE-2023-53134: bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1242380)
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Refresh fixes for cBPF issue (bsc#1242778)
- Remove debug flavor (bsc#1243919).
- Update metadata and put them into the sorted part of the series
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1240177SUSE bug 1240802SUSE bug 1241525SUSE bug 1241526SUSE bug 1241640SUSE bug 1241648SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242284SUSE bug 1242285SUSE bug 1242289SUSE bug 1242294SUSE bug 1242305SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242402SUSE bug 1242403SUSE bug 1242409SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242493SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242749SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243649SUSE bug 1243660SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21888 at SUSECVE-2025-21888 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-22060 at SUSECVE-2025-22060 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
ImportantSUSE bug 1245309SUSE bug 1245310SUSE bug 1245311SUSE bug 1245314CVE-2025-4877 at SUSECVE-2025-4877 at NVDCVE-2025-4878 at SUSECVE-2025-4878 at NVDCVE-2025-5318 at SUSECVE-2025-5318 at NVDCVE-2025-5372 at SUSECVE-2025-5372 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
ModerateSUSE bug 1239765SUSE bug 1240150SUSE bug 1241830SUSE bug 1242114SUSE bug 1243833SUSE bug 1244035CVE-2025-0495 at SUSECVE-2025-0495 at NVDCVE-2025-22872 at SUSECVE-2025-22872 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- KVM: x86: fix sending PV IPI (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
ImportantSUSE bug 1170891SUSE bug 1173139SUSE bug 1185010SUSE bug 1189998SUSE bug 1190358SUSE bug 1190428SUSE bug 1191949SUSE bug 1193983SUSE bug 1196869SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1209657SUSE bug 1209798SUSE bug 1211592SUSE bug 1215304SUSE bug 1216702SUSE bug 1217169SUSE bug 1218447SUSE bug 1221044SUSE bug 1222721SUSE bug 1222878SUSE bug 1223481SUSE bug 1223501SUSE bug 1223512SUSE bug 1223520SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224099SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224685SUSE bug 1224730SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1230697SUSE bug 1232436SUSE bug 1233070SUSE bug 1233642SUSE bug 1234281SUSE bug 1234282SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1235004SUSE bug 1235035SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch')
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Do not use multiple -r in sed parameters
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag.
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1233551SUSE bug 1234156SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1236333SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238526SUSE bug 1238570SUSE bug 1238876SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242221SUSE bug 1242414SUSE bug 1242417SUSE bug 1242504SUSE bug 1242596SUSE bug 1242782SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244890SUSE bug 1244895SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244908SUSE bug 1244911SUSE bug 1244915SUSE bug 1244936SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245018SUSE bug 1245019SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245064SUSE bug 1245069SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
Security fixes:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
Other fixes:
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1234282SUSE bug 1238043SUSE bug 1238896SUSE bug 1243117SUSE bug 1244644SUSE bug 1246112CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2025-1713 at SUSECVE-2025-1713 at NVDCVE-2025-27465 at SUSECVE-2025-27465 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
ImportantSUSE bug 1244554SUSE bug 1244557SUSE bug 1244590SUSE bug 1244700CVE-2025-49794 at SUSECVE-2025-49794 at NVDCVE-2025-49796 at SUSECVE-2025-49796 at NVDCVE-2025-6021 at SUSECVE-2025-6021 at NVDCVE-2025-6170 at SUSECVE-2025-6170 at NVDcpe:/o:suse:sle-micro:5.4Security update for coreutils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
ModerateSUSE bug 1243767CVE-2025-5278 at SUSECVE-2025-5278 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory
corruption (bsc#1242844).
ModerateSUSE bug 1242844CVE-2025-4373 at SUSECVE-2025-4373 at NVDcpe:/o:suse:sle-micro:5.4Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.4
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
ModerateSUSE bug 1243450CVE-2024-23337 at SUSECVE-2024-23337 at NVDcpe:/o:suse:sle-micro:5.4Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for iputils fixes the following issues:
- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772).
ModerateSUSE bug 1243772CVE-2025-48964 at SUSECVE-2025-48964 at NVDcpe:/o:suse:sle-micro:5.4Security update for libgcrypt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
ModerateSUSE bug 1221107CVE-2024-2236 at SUSECVE-2024-2236 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404).
- CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403).
- CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser (bsc#1244407).
ModerateSUSE bug 1244403SUSE bug 1244404SUSE bug 1244407CVE-2025-47806 at SUSECVE-2025-47806 at NVDCVE-2025-47807 at SUSECVE-2025-47807 at NVDCVE-2025-47808 at SUSECVE-2025-47808 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2024-38822: Fixed Minion token validation (bsc#1244561)
- CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564)
- CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565)
- CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)
- CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567)
- CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568)
- CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570)
- CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571)
- CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572)
- CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574)
- CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575)
- CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268)
- Other bugs fixed:
- Added subsystem filter to udev.exportdb (bsc#1236621)
- Fixed Ubuntu 24.04 test failures
- Fixed refresh of osrelease and related grains on Python 3.10+
- Fixed issue requiring proper Python flavor for dependencies
ImportantSUSE bug 1236621SUSE bug 1243268SUSE bug 1244561SUSE bug 1244564SUSE bug 1244565SUSE bug 1244566SUSE bug 1244567SUSE bug 1244568SUSE bug 1244570SUSE bug 1244571SUSE bug 1244572SUSE bug 1244574SUSE bug 1244575CVE-2024-38822 at SUSECVE-2024-38822 at NVDCVE-2024-38823 at SUSECVE-2024-38823 at NVDCVE-2024-38824 at SUSECVE-2024-38824 at NVDCVE-2024-38825 at SUSECVE-2024-38825 at NVDCVE-2025-22236 at SUSECVE-2025-22236 at NVDCVE-2025-22237 at SUSECVE-2025-22237 at NVDCVE-2025-22238 at SUSECVE-2025-22238 at NVDCVE-2025-22239 at SUSECVE-2025-22239 at NVDCVE-2025-22240 at SUSECVE-2025-22240 at NVDCVE-2025-22241 at SUSECVE-2025-22241 at NVDCVE-2025-22242 at SUSECVE-2025-22242 at NVDCVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.4Security update for polkit (Important)SUSE Linux Enterprise Micro 5.4
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472)
ImportantSUSE bug 1246472CVE-2025-7519 at SUSECVE-2025-7519 at NVDcpe:/o:suse:sle-micro:5.4Security update for boost (Important)SUSE Linux Enterprise Micro 5.4
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
ImportantSUSE bug 1245936CVE-2016-9840 at SUSECVE-2016-9840 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1233551SUSE bug 1234156SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1236333SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238526SUSE bug 1238570SUSE bug 1238876SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242221SUSE bug 1242414SUSE bug 1242417SUSE bug 1242504SUSE bug 1242596SUSE bug 1242782SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244890SUSE bug 1244895SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244908SUSE bug 1244911SUSE bug 1244915SUSE bug 1244936SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245018SUSE bug 1245019SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245064SUSE bug 1245069SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
ImportantSUSE bug 1246232SUSE bug 1246233SUSE bug 1246267SUSE bug 1246299CVE-2025-32988 at SUSECVE-2025-32988 at NVDCVE-2025-32989 at SUSECVE-2025-32989 at NVDCVE-2025-32990 at SUSECVE-2025-32990 at NVDCVE-2025-6395 at SUSECVE-2025-6395 at NVDcpe:/o:suse:sle-micro:5.4Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for nvidia-open-driver-G06-signed fixes the following issues:
- Update to 550.144.03 (bsc#1235461, bsc#1235871)
* fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149,
CVE-2024-0150, CVE-2024-53869
ImportantSUSE bug 1234675SUSE bug 1235461SUSE bug 1235871CVE-2024-0131 at SUSECVE-2024-0131 at NVDCVE-2024-0147 at SUSECVE-2024-0147 at NVDCVE-2024-0149 at SUSECVE-2024-0149 at NVDCVE-2024-0150 at SUSECVE-2024-0150 at NVDCVE-2024-53869 at SUSECVE-2024-53869 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
ImportantSUSE bug 1246296CVE-2025-7425 at SUSECVE-2025-7425 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
* Required for rootless mode as a regular user has no permission
to load kernel modules
- CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
- Refactor network backend dependencies:
* podman requires either netavark or cni-plugins. On ALP, require
netavark, otherwise prefer netavark but don't force it.
* This fixes missing cni-plugins in some scenarios
* Default to netavark everywhere where it's available
ImportantSUSE bug 1214612SUSE bug 1215807SUSE bug 1215926SUSE bug 1217828SUSE bug 1221677SUSE bug 1231208SUSE bug 1231230SUSE bug 1231499SUSE bug 1231698SUSE bug 1236270CVE-2024-11218 at SUSECVE-2024-11218 at NVDCVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDCVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDCVE-2024-9676 at SUSECVE-2024-9676 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
ImportantSUSE bug 1246597CVE-2025-6965 at SUSECVE-2025-6965 at NVDcpe:/o:suse:sle-micro:5.4Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
ModerateSUSE bug 1243935CVE-2025-4598 at SUSECVE-2025-4598 at NVDcpe:/o:suse:sle-micro:5.4Security update for cairo (Low)SUSE Linux Enterprise Micro 5.4
This update for cairo fixes the following issues:
- CVE-2019-6461: avoid assert when drawing arcs with NaN angles (bsc#1122338).
LowSUSE bug 1122338CVE-2019-6461 at SUSECVE-2019-6461 at NVDcpe:/o:suse:sle-micro:5.4Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)
ModerateSUSE bug 1244270SUSE bug 1244272SUSE bug 1244273SUSE bug 1244279SUSE bug 1244336CVE-2025-5914 at SUSECVE-2025-5914 at NVDCVE-2025-5915 at SUSECVE-2025-5915 at NVDCVE-2025-5916 at SUSECVE-2025-5916 at NVDCVE-2025-5917 at SUSECVE-2025-5917 at NVDCVE-2025-5918 at SUSECVE-2025-5918 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
ModerateSUSE bug 1234959CVE-2024-56738 at SUSECVE-2024-56738 at NVDcpe:/o:suse:sle-micro:5.4Security update for dpkg (Moderate)SUSE Linux Enterprise Micro 5.4
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
ModerateSUSE bug 1245573CVE-2025-6297 at SUSECVE-2025-6297 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
ImportantSUSE bug 1233012SUSE bug 1243273SUSE bug 1244032SUSE bug 1244056SUSE bug 1244059SUSE bug 1244060SUSE bug 1244061SUSE bug 1244401SUSE bug 1244705SUSE bug 1247249SUSE bug 831629CVE-2024-12718 at SUSECVE-2024-12718 at NVDCVE-2025-4138 at SUSECVE-2025-4138 at NVDCVE-2025-4330 at SUSECVE-2025-4330 at NVDCVE-2025-4435 at SUSECVE-2025-4435 at NVDCVE-2025-4516 at SUSECVE-2025-4516 at NVDCVE-2025-4517 at SUSECVE-2025-4517 at NVDCVE-2025-6069 at SUSECVE-2025-6069 at NVDCVE-2025-8194 at SUSECVE-2025-8194 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
ImportantSUSE bug 1245320CVE-2025-6032 at SUSECVE-2025-6032 at NVDcpe:/o:suse:sle-micro:5.4Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.4
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
ImportantSUSE bug 1210344SUSE bug 1223234SUSE bug 1229952SUSE bug 1230029SUSE bug 1242623SUSE bug 1243861SUSE bug 1247193CVE-2023-26964 at SUSECVE-2023-26964 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-32650 at SUSECVE-2024-32650 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-58266 at SUSECVE-2025-58266 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Important)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()
when processing malformed TIFF files (bsc#1247106)
ImportantSUSE bug 1247106SUSE bug 1247108CVE-2025-8176 at SUSECVE-2025-8176 at NVDCVE-2025-8177 at SUSECVE-2025-8177 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1229334SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1238160SUSE bug 1239644SUSE bug 1240185SUSE bug 1240799SUSE bug 1242414SUSE bug 1242780SUSE bug 1244309SUSE bug 1245217SUSE bug 1245431SUSE bug 1245506SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246781SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247437CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-21881 at SUSECVE-2025-21881 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1229334SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1238160SUSE bug 1239644SUSE bug 1240185SUSE bug 1240799SUSE bug 1242414SUSE bug 1242780SUSE bug 1244309SUSE bug 1245217SUSE bug 1245431SUSE bug 1245506SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246781SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247437CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-21881 at SUSECVE-2025-21881 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-Jinja2 (Important)SUSE Linux Enterprise Micro 5.4
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234809CVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- Update to Docker 28.3.3-ce.
- CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367)
ModerateSUSE bug 1246556SUSE bug 1247367CVE-2025-54388 at SUSECVE-2025-54388 at NVDcpe:/o:suse:sle-micro:5.4Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.4
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
ModerateSUSE bug 1244116CVE-2025-48060 at SUSECVE-2025-48060 at NVDcpe:/o:suse:sle-micro:5.4Security update for rust-keylime (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rust-keylime fixes the following issues:
- Update slab to version 0.4.11:
* CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function (bsc#1248006)
- Update to version 0.2.8+12:
* build(deps): bump actions/checkout from 4 to 5
* build(deps): bump cfg-if from 1.0.0 to 1.0.1
* build(deps): bump openssl from 0.10.72 to 0.10.73
* build(deps): bump clap from 4.5.39 to 4.5.45
* build(deps): bump pest from 2.8.0 to 2.8.1
* Fix clippy warnings
* Use verifier-provided interval for continuous attestation timing
* Add meta object with seconds_to_next_attestation to evidence response
* Fix boot time retrieval
* Fix IMA log format (it must be ['text/plain']) (#1073)
* Remove unnecessary configuration fields
* cargo: Bump retry-policies to version 0.4.0
ModerateSUSE bug 1248006CVE-2025-55159 at SUSECVE-2025-55159 at NVDcpe:/o:suse:sle-micro:5.4Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.4
This update for gdk-pixbuf fixes the following issues:
- CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak (bsc#1245227)
- CVE-2025-7345: Fixed heap buffer overflow within the gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114)
ImportantSUSE bug 1245227SUSE bug 1246114CVE-2025-6199 at SUSECVE-2025-6199 at NVDCVE-2025-7345 at SUSECVE-2025-7345 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
ModerateSUSE bug 1232234SUSE bug 1246221CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
ModerateSUSE bug 1244925CVE-2025-50181 at SUSECVE-2025-50181 at NVDcpe:/o:suse:sle-micro:5.4Security update for udisks2 (Important)SUSE Linux Enterprise Micro 5.4
This update for udisks2 fixes the following issues:
- CVE-2025-8067: Fixed missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502)
ImportantSUSE bug 1248502CVE-2025-8067 at SUSECVE-2025-8067 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-future (Important)SUSE Linux Enterprise Micro 5.4
This update for python-future fixes the following issues:
- CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124)
ImportantSUSE bug 1248124CVE-2025-50817 at SUSECVE-2025-50817 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
- CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
- CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- Update for functional issues.
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
New Disclosures Updated in Prior Releases:
All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
ImportantSUSE bug 1248438CVE-2025-20053 at SUSECVE-2025-20053 at NVDCVE-2025-20109 at SUSECVE-2025-20109 at NVDCVE-2025-22839 at SUSECVE-2025-22839 at NVDCVE-2025-22840 at SUSECVE-2025-22840 at NVDCVE-2025-22889 at SUSECVE-2025-22889 at NVDCVE-2025-26403 at SUSECVE-2025-26403 at NVDCVE-2025-32086 at SUSECVE-2025-32086 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Low)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-4945: Fixed Integer Overflow in Cookie Expiration Date Handling in libsoup (bsc#1243314).
LowSUSE bug 1243314CVE-2025-4945 at SUSECVE-2025-4945 at NVDcpe:/o:suse:sle-micro:5.4Security update for regionServiceClientConfigAzure (Critical)SUSE Linux Enterprise Micro 5.4
This update for regionServiceClientConfigAzure contains the following fixes:
- Update to version 3.0.0.(bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency name for metadata package, name change in
SLE 16. (bsc#1243419)
+ Replacing certificate for rgnsrv-azure-southeastasia to get
rid of weird chain cert
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.4Security update for regionServiceClientConfigEC2 (Critical)SUSE Linux Enterprise Micro 5.4
This update for regionServiceClientConfigEC2 contains the following fixes:
- Update to version 5.0.0. (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency to accomodate metadata binary package name change
in SLE 16. (bsc#1243419)
+ New 4096 certificate for rgnsrv-ec2-us-east1
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.4Security update for regionServiceClientConfigGCE (Critical)SUSE Linux Enterprise Micro 5.4
This update for regionServiceClientConfigGCE contains the following fixes:
- Update to version 5.0.0 (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update conditional to handle name change of metadata package
in SLE 16. (bsc#1242063)
+ Add noipv6 patch
CriticalSUSE bug 1242063SUSE bug 1246995cpe:/o:suse:sle-micro:5.4Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ignition fixes the following issues:
CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518)
ModerateSUSE bug 1236518CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
ModerateSUSE bug 1246602SUSE bug 1246604SUSE bug 1247938SUSE bug 1247939CVE-2025-53905 at SUSECVE-2025-53905 at NVDCVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2025-55157 at SUSECVE-2025-55157 at NVDCVE-2025-55158 at SUSECVE-2025-55158 at NVDcpe:/o:suse:sle-micro:5.4Security update for net-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for net-tools fixes the following issues:
Security issues fixed:
- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
Other issues fixed:
- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
ModerateSUSE bug 1243581SUSE bug 1246608SUSE bug 1248410SUSE bug 1248687SUSE bug 142461CVE-2025-46836 at SUSECVE-2025-46836 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
`Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
(bsc#1249128).
ImportantSUSE bug 1230932SUSE bug 1246533SUSE bug 1249049SUSE bug 1249128CVE-2024-47175 at SUSECVE-2024-47175 at NVDCVE-2025-58060 at SUSECVE-2025-58060 at NVDCVE-2025-58364 at SUSECVE-2025-58364 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Moderate)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877).
ModerateSUSE bug 1217877CVE-2023-45866 at SUSECVE-2023-45866 at NVDcpe:/o:suse:sle-micro:5.4Security update for cairo (Low)SUSE Linux Enterprise Micro 5.4
This update for cairo fixes the following issues:
- CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to crash in Poppler (bsc#1247589).
LowSUSE bug 1247589CVE-2025-50422 at SUSECVE-2025-50422 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (jsc#PED-8240).
ImportantSUSE bug 1234896SUSE bug 1244824SUSE bug 1245970SUSE bug 1246473SUSE bug 1246911SUSE bug 1247143SUSE bug 1247374SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
attacks (bsc#1233421).
ModerateSUSE bug 1233421CVE-2024-52615 at SUSECVE-2024-52615 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Low)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330).
- CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582).
- CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117).
LowSUSE bug 1247582SUSE bug 1248117SUSE bug 1248330CVE-2025-8534 at SUSECVE-2025-8534 at NVDCVE-2025-8961 at SUSECVE-2025-8961 at NVDCVE-2025-9165 at SUSECVE-2025-9165 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (bsc#1244824 jsc#PED-8240).
ImportantSUSE bug 1234896SUSE bug 1244824SUSE bug 1245970SUSE bug 1246473SUSE bug 1246911SUSE bug 1247143SUSE bug 1247374SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.4Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rsync fixes the following issues:
- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.
ModerateSUSE bug 1233760cpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
ImportantSUSE bug 1236460CVE-2022-49043 at SUSECVE-2022-49043 at NVDcpe:/o:suse:sle-micro:5.4Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for nvidia-open-driver-G06-signed fixes the following issues:
Updated CUDA variant to 580.82.07:
- CVE-2025-23277: Fixed access memory outside bounds permitted under normal
use cases in NVIDIA Display Driver (bsc#1247528).
- CVE-2025-23278: Fixed improper index validation by issuing a call with
crafted parameters in NVIDIA Display Driver (bsc#1247529).
- CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530).
- CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest
in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531).
- CVE-2025-23279: Fixed race condition that lead to privileges escalations
in NVIDIA .run Installer (bsc#1247532).
Update non-CUDA variant to 580.82.07 (bsc#1249235).
Other fixes:
- Added Requires to be provided by special versions of nvidia-modprobe and
nvidia-persitenced built against SP4 (bsc#1237208, jsc#PED-13295).
- Get rid of rule of older KMPs not to load nvidia_drm module, which
are still installed in parallel and therefore still active (bsc#1247923).
ImportantSUSE bug 1236658SUSE bug 1236746SUSE bug 1237208SUSE bug 1237308SUSE bug 1237585SUSE bug 1239139SUSE bug 1239653SUSE bug 1241231SUSE bug 1242054SUSE bug 1243192SUSE bug 1244614SUSE bug 1246010SUSE bug 1246327SUSE bug 1247528SUSE bug 1247529SUSE bug 1247530SUSE bug 1247531SUSE bug 1247532SUSE bug 1247907SUSE bug 1247923SUSE bug 1249235CVE-2025-23277 at SUSECVE-2025-23277 at NVDCVE-2025-23278 at SUSECVE-2025-23278 at NVDCVE-2025-23279 at SUSECVE-2025-23279 at NVDCVE-2025-23283 at SUSECVE-2025-23283 at NVDCVE-2025-23286 at SUSECVE-2025-23286 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
ModerateSUSE bug 1236619CVE-2025-24528 at SUSECVE-2025-24528 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373).
ImportantSUSE bug 1250373CVE-2025-41244 at SUSECVE-2025-41244 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sle-micro:5.4Security update for orc (Important)SUSE Linux Enterprise Micro 5.4
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
ModerateSUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-9566: fixed an issue in kube play command that could cause overwriting host files (bsc#1249154)
ImportantSUSE bug 1249154CVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive
resource consumption when processing numbers with large exponents (bsc#1250983).
ModerateSUSE bug 1250983CVE-2025-11230 at SUSECVE-2025-11230 at NVDcpe:/o:suse:sle-micro:5.4Security update for samba (Critical)SUSE Linux Enterprise Micro 5.4
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280).
CriticalSUSE bug 1251279SUSE bug 1251280CVE-2025-10230 at SUSECVE-2025-10230 at NVDCVE-2025-9640 at SUSECVE-2025-9640 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
ImportantSUSE bug 1249584CVE-2025-59375 at SUSECVE-2025-59375 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer.
- Revert backported patches for bsc#1238160 because the CVSS less than 7.0
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers.
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206456SUSE bug 1206468SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213666SUSE bug 1213747SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1236104SUSE bug 1238160SUSE bug 1241353SUSE bug 1242573SUSE bug 1242846SUSE bug 1242960SUSE bug 1243539SUSE bug 1244337SUSE bug 1244732SUSE bug 1245110SUSE bug 1245498SUSE bug 1245499SUSE bug 1245666SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1247288SUSE bug 1247317SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249608SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249691SUSE bug 1249695SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249781SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249808SUSE bug 1249810SUSE bug 1249820SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249872SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250039SUSE bug 1250041SUSE bug 1250043SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250114SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250131SUSE bug 1250132SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250159SUSE bug 1250161SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250209SUSE bug 1250211SUSE bug 1250237SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250767SUSE bug 1250768SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250830SUSE bug 1250831SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250955SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53307 at SUSECVE-2023-53307 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53513 at SUSECVE-2023-53513 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-23155 at SUSECVE-2025-23155 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38470 at SUSECVE-2025-38470 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
ModerateSUSE bug 1236588SUSE bug 1236590CVE-2025-0167 at SUSECVE-2025-0167 at NVDCVE-2025-0725 at SUSECVE-2025-0725 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- Revert backported patches for bsc#1238160.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206456SUSE bug 1206468SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213666SUSE bug 1213747SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1236104SUSE bug 1238160SUSE bug 1241353SUSE bug 1242573SUSE bug 1242846SUSE bug 1242960SUSE bug 1243539SUSE bug 1244337SUSE bug 1245110SUSE bug 1245498SUSE bug 1245499SUSE bug 1245666SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1247288SUSE bug 1247317SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249608SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249695SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249781SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249808SUSE bug 1249810SUSE bug 1249820SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249872SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250039SUSE bug 1250041SUSE bug 1250043SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250114SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250131SUSE bug 1250132SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250159SUSE bug 1250161SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250209SUSE bug 1250211SUSE bug 1250237SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250767SUSE bug 1250768SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250830SUSE bug 1250831SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250955SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53307 at SUSECVE-2023-53307 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53513 at SUSECVE-2023-53513 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-23155 at SUSECVE-2025-23155 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38470 at SUSECVE-2025-38470 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or
messages can lead to crash due to a `RecursionError` (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
ModerateSUSE bug 1241219CVE-2025-3576 at SUSECVE-2025-3576 at NVDcpe:/o:suse:sle-micro:5.4Security update for afterburn (Important)SUSE Linux Enterprise Micro 5.4
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
ImportantSUSE bug 1196972SUSE bug 1242665SUSE bug 1243850SUSE bug 1244199SUSE bug 1244675SUSE bug 1250471CVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-5791 at SUSECVE-2025-5791 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
ModerateSUSE bug 1246974SUSE bug 1249375CVE-2025-8114 at SUSECVE-2025-8114 at NVDCVE-2025-8277 at SUSECVE-2025-8277 at NVDcpe:/o:suse:sle-micro:5.4Security update for chrony (Moderate)SUSE Linux Enterprise Micro 5.4
This update for chrony fixes the following issues:
- Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)
ModerateSUSE bug 1246544cpe:/o:suse:sle-micro:5.4Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
ImportantSUSE bug 1251263CVE-2025-9187 at SUSECVE-2025-9187 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)
ImportantSUSE bug 1248807SUSE bug 1251271CVE-2025-27466 at SUSECVE-2025-27466 at NVDCVE-2025-58142 at SUSECVE-2025-58142 at NVDCVE-2025-58143 at SUSECVE-2025-58143 at NVDCVE-2025-58147 at SUSECVE-2025-58147 at NVDCVE-2025-58148 at SUSECVE-2025-58148 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.4
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979)
- CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553)
ImportantSUSE bug 1250553SUSE bug 1251979CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2025-11731 at SUSECVE-2025-11731 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
ModerateSUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:sle-micro:5.4Security update for colord (Moderate)SUSE Linux Enterprise Micro 5.4
This update for colord fixes the following issues:
- CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750).
ModerateSUSE bug 1250750CVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Important)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413).
ImportantSUSE bug 1250413CVE-2025-9900 at SUSECVE-2025-9900 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>
ImportantSUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.4Security update for gpg2 (Low)SUSE Linux Enterprise Micro 5.4
This update for gpg2 fixes the following issues:
- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)
LowSUSE bug 1239119CVE-2025-30258 at SUSECVE-2025-30258 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0> ImportantSUSE bug 1252110SUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
ImportantSUSE bug 1252376SUSE bug 1252543CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.4Security update for elfutils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh. ModerateSUSE bug 1237236SUSE bug 1237240SUSE bug 1237241SUSE bug 1237242CVE-2025-1352 at SUSECVE-2025-1352 at NVDCVE-2025-1372 at SUSECVE-2025-1372 at NVDCVE-2025-1376 at SUSECVE-2025-1376 at NVDCVE-2025-1377 at SUSECVE-2025-1377 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251047SUSE bug 1251052SUSE bug 1251057SUSE bug 1251059SUSE bug 1251061SUSE bug 1251063SUSE bug 1251064SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251154SUSE bug 1251159SUSE bug 1251164SUSE bug 1251166SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251310SUSE bug 1251312SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252069SUSE bug 1252265SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893SUSE bug 1252904SUSE bug 1252919CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53576 at SUSECVE-2023-53576 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40088 at SUSECVE-2025-40088 at NVDCVE-2025-40102 at SUSECVE-2025-40102 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
ModerateSUSE bug 1251198SUSE bug 1251199CVE-2025-61984 at SUSECVE-2025-61984 at NVDCVE-2025-61985 at SUSECVE-2025-61985 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)
ModerateSUSE bug 1247850SUSE bug 1249076CVE-2025-8732 at SUSECVE-2025-8732 at NVDCVE-2025-9714 at SUSECVE-2025-9714 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251047SUSE bug 1251052SUSE bug 1251057SUSE bug 1251059SUSE bug 1251061SUSE bug 1251063SUSE bug 1251064SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251154SUSE bug 1251159SUSE bug 1251164SUSE bug 1251166SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251310SUSE bug 1251312SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252069SUSE bug 1252265SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893SUSE bug 1252904SUSE bug 1252919CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53576 at SUSECVE-2023-53576 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40088 at SUSECVE-2025-40088 at NVDCVE-2025-40102 at SUSECVE-2025-40102 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542)
ImportantSUSE bug 1253542CVE-2025-47913 at SUSECVE-2025-47913 at NVDcpe:/o:suse:sle-micro:5.4Security update for sssd (Important)SUSE Linux Enterprise Micro 5.4
This update for sssd fixes the following issues:
- CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due
to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827)
Other fixes:
- Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325)
ImportantSUSE bug 1244325SUSE bug 1251827CVE-2025-11561 at SUSECVE-2025-11561 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
Other fixes:
- Bump upstream SBAT generation to 6
ModerateSUSE bug 1252931SUSE bug 1252932SUSE bug 1252933SUSE bug 1252934SUSE bug 1252935CVE-2025-54771 at SUSECVE-2025-54771 at NVDCVE-2025-61661 at SUSECVE-2025-61661 at NVDCVE-2025-61662 at SUSECVE-2025-61662 at NVDCVE-2025-61663 at SUSECVE-2025-61663 at NVDCVE-2025-61664 at SUSECVE-2025-61664 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)
ImportantSUSE bug 1253126SUSE bug 1253132CVE-2024-25621 at SUSECVE-2024-25621 at NVDCVE-2025-64329 at SUSECVE-2025-64329 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)
ModerateSUSE bug 1234225SUSE bug 1244057SUSE bug 1253783CVE-2025-58436 at SUSECVE-2025-58436 at NVDCVE-2025-61915 at SUSECVE-2025-61915 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
ModerateSUSE bug 1253757CVE-2025-11563 at SUSECVE-2025-11563 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- The fix for CVE-2025-58436 causes a regression where
GTK applications will hang. (bsc#1254353)
See also https://github.com/OpenPrinting/cups/issues/1429
The fix has been temporary disabled.
ImportantSUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2021-3611: Fixed segmentation fault due to stack overflow (bsc#1193914).
Other fixes:
- qemu.spec: mark bridge.conf as noreplace (bsc#1201944).
ModerateSUSE bug 1193914SUSE bug 1201944CVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
ModerateSUSE bug 1249055CVE-2025-7039 at SUSECVE-2025-7039 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Low)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
LowSUSE bug 1251305SUSE bug 1252974CVE-2025-6075 at SUSECVE-2025-6075 at NVDCVE-2025-8291 at SUSECVE-2025-8291 at NVDcpe:/o:suse:sle-micro:5.4Security update for librsvg (Moderate)SUSE Linux Enterprise Micro 5.4
This update for librsvg fixes the following issues:
Update to version 2.52.12.
- CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode
labels that do not produce any non-ASCII output when decoded (bsc#1243867).
- CVE-2024-43806: rustix: unbounded memory explosion leading to an application OOM crash when using the `rustix::fs::Dir`
iterator with the `linux_raw` backend (bsc#1229950).
ModerateSUSE bug 1229950SUSE bug 1243867CVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
clients (bsc#1244057).
Other issues fixed:
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
ModerateSUSE bug 1244057SUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.4
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
ImportantSUSE bug 1254157SUSE bug 1254158SUSE bug 1254159SUSE bug 1254160SUSE bug 1254480CVE-2025-64505 at SUSECVE-2025-64505 at NVDCVE-2025-64506 at SUSECVE-2025-64506 at NVDCVE-2025-64720 at SUSECVE-2025-64720 at NVDCVE-2025-65018 at SUSECVE-2025-65018 at NVDCVE-2025-66293 at SUSECVE-2025-66293 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)
- CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
- Backport security fixes for vendored tornado
* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
- Other changes and bugs fixed:
- Fixed TLS and x509 modules for OSes with older cryptography module
- Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
- Fixed payload signature verification on Tumbleweed (bsc#1251776)
- Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
- Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
- Improved SL Micro 6.2 detection with grains
- Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
- Set python-CherryPy as required for python-salt-testsuite
ImportantSUSE bug 1227207SUSE bug 1250520SUSE bug 1250755SUSE bug 1251776SUSE bug 1252244SUSE bug 1252285SUSE bug 1254256SUSE bug 1254257CVE-2025-62348 at SUSECVE-2025-62348 at NVDCVE-2025-62349 at SUSECVE-2025-62349 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
ImportantSUSE bug 1254297SUSE bug 1254662SUSE bug 1254878CVE-2025-13601 at SUSECVE-2025-13601 at NVDCVE-2025-14087 at SUSECVE-2025-14087 at NVDCVE-2025-14512 at SUSECVE-2025-14512 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
ModerateSUSE bug 1254132CVE-2025-9820 at SUSECVE-2025-9820 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. (bsc#1225889)
- CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages.
(bsc#1218879)
- CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880)
- CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881)
- CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882)
- CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883)
- CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message.
(bsc#1218884)
- CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message.
(bsc#1218885)
- CVE-2023-45236: predictable TCP Initial Sequence Numbers in edk2 network packages. (bsc#1218886)
- CVE-2023-45237: use of a weak pseudorandom number generator in edk2. (bsc#1218887)
ImportantSUSE bug 1218879SUSE bug 1218880SUSE bug 1218881SUSE bug 1218882SUSE bug 1218883SUSE bug 1218884SUSE bug 1218885SUSE bug 1218886SUSE bug 1218887SUSE bug 1225889CVE-2023-45229 at SUSECVE-2023-45229 at NVDCVE-2023-45230 at SUSECVE-2023-45230 at NVDCVE-2023-45231 at SUSECVE-2023-45231 at NVDCVE-2023-45232 at SUSECVE-2023-45232 at NVDCVE-2023-45233 at SUSECVE-2023-45233 at NVDCVE-2023-45234 at SUSECVE-2023-45234 at NVDCVE-2023-45235 at SUSECVE-2023-45235 at NVDCVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDCVE-2024-1298 at SUSECVE-2024-1298 at NVDcpe:/o:suse:sle-micro:5.4Security update for libtasn1 (Important)SUSE Linux Enterprise Micro 5.4
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
ImportantSUSE bug 1236878CVE-2024-12133 at SUSECVE-2024-12133 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
ModerateSUSE bug 1236705CVE-2025-0938 at SUSECVE-2025-0938 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1230697SUSE bug 1231847SUSE bug 1233112SUSE bug 1233642SUSE bug 1234025SUSE bug 1234690SUSE bug 1234884SUSE bug 1234896SUSE bug 1234931SUSE bug 1235134SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235466SUSE bug 1235480SUSE bug 1235521SUSE bug 1235584SUSE bug 1235645SUSE bug 1235723SUSE bug 1235759SUSE bug 1235764SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Low)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
LowSUSE bug 1236282CVE-2025-0395 at SUSECVE-2025-0395 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1230697SUSE bug 1231847SUSE bug 1233112SUSE bug 1233642SUSE bug 1234025SUSE bug 1234690SUSE bug 1234884SUSE bug 1234896SUSE bug 1234931SUSE bug 1235134SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235466SUSE bug 1235480SUSE bug 1235521SUSE bug 1235584SUSE bug 1235645SUSE bug 1235723SUSE bug 1235759SUSE bug 1235764SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing
them to log files. (bsc#1227052)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames
read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507)
ModerateSUSE bug 1227052SUSE bug 1236507CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
ImportantSUSE bug 1233606SUSE bug 1233608SUSE bug 1233609SUSE bug 1233610SUSE bug 1233612SUSE bug 1233613SUSE bug 1233614SUSE bug 1233615SUSE bug 1233616SUSE bug 1233617SUSE bug 1234958SUSE bug 1236316SUSE bug 1236317SUSE bug 1237002SUSE bug 1237006SUSE bug 1237008SUSE bug 1237009SUSE bug 1237010SUSE bug 1237011SUSE bug 1237012SUSE bug 1237013SUSE bug 1237014CVE-2024-45774 at SUSECVE-2024-45774 at NVDCVE-2024-45775 at SUSECVE-2024-45775 at NVDCVE-2024-45776 at SUSECVE-2024-45776 at NVDCVE-2024-45777 at SUSECVE-2024-45777 at NVDCVE-2024-45778 at SUSECVE-2024-45778 at NVDCVE-2024-45779 at SUSECVE-2024-45779 at NVDCVE-2024-45780 at SUSECVE-2024-45780 at NVDCVE-2024-45781 at SUSECVE-2024-45781 at NVDCVE-2024-45782 at SUSECVE-2024-45782 at NVDCVE-2024-45783 at SUSECVE-2024-45783 at NVDCVE-2024-56737 at SUSECVE-2024-56737 at NVDCVE-2025-0622 at SUSECVE-2025-0622 at NVDCVE-2025-0624 at SUSECVE-2025-0624 at NVDCVE-2025-0677 at SUSECVE-2025-0677 at NVDCVE-2025-0678 at SUSECVE-2025-0678 at NVDCVE-2025-0684 at SUSECVE-2025-0684 at NVDCVE-2025-0685 at SUSECVE-2025-0685 at NVDCVE-2025-0686 at SUSECVE-2025-0686 at NVDCVE-2025-0689 at SUSECVE-2025-0689 at NVDCVE-2025-0690 at SUSECVE-2025-0690 at NVDCVE-2025-1118 at SUSECVE-2025-1118 at NVDCVE-2025-1125 at SUSECVE-2025-1125 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
- CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
- CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
ModerateSUSE bug 1237096CVE-2024-31068 at SUSECVE-2024-31068 at NVDCVE-2024-36293 at SUSECVE-2024-36293 at NVDCVE-2024-37020 at SUSECVE-2024-37020 at NVDCVE-2024-39355 at SUSECVE-2024-39355 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
ModerateSUSE bug 1237040CVE-2025-26465 at SUSECVE-2025-26465 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
ImportantSUSE bug 1234415SUSE bug 1234450SUSE bug 1234453SUSE bug 1234455SUSE bug 1234456SUSE bug 1234459SUSE bug 1234460CVE-2024-47538 at SUSECVE-2024-47538 at NVDCVE-2024-47541 at SUSECVE-2024-47541 at NVDCVE-2024-47542 at SUSECVE-2024-47542 at NVDCVE-2024-47600 at SUSECVE-2024-47600 at NVDCVE-2024-47607 at SUSECVE-2024-47607 at NVDCVE-2024-47615 at SUSECVE-2024-47615 at NVDCVE-2024-47835 at SUSECVE-2024-47835 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 (bsc#1237084).
ImportantSUSE bug 1237084CVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer fixes the following issues:
- CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
ImportantSUSE bug 1234449CVE-2024-47606 at SUSECVE-2024-47606 at NVDcpe:/o:suse:sle-micro:5.4Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.4
This update for dnsmasq fixes the following issues:
- Version update to 2.90:
- CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823)
- CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826)
- CVE-2023-28450: Default maximum EDNS.0 UDP packet size should be 1232. (bsc#1209358)
ImportantSUSE bug 1200344SUSE bug 1207174SUSE bug 1209358SUSE bug 1214884SUSE bug 1219823SUSE bug 1219826CVE-2023-28450 at SUSECVE-2023-28450 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam_pkcs11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062).
- CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to
crash (bsc#1237058).
ModerateSUSE bug 1237058SUSE bug 1237062CVE-2025-24031 at SUSECVE-2025-24031 at NVDCVE-2025-24032 at SUSECVE-2025-24032 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
ModerateSUSE bug 1229685SUSE bug 1229822SUSE bug 1230078SUSE bug 1235695SUSE bug 1236151SUSE bug 1237137CVE-2024-43790 at SUSECVE-2024-43790 at NVDCVE-2024-43802 at SUSECVE-2024-43802 at NVDCVE-2024-45306 at SUSECVE-2024-45306 at NVDCVE-2025-1215 at SUSECVE-2025-1215 at NVDCVE-2025-22134 at SUSECVE-2025-22134 at NVDCVE-2025-24014 at SUSECVE-2025-24014 at NVDcpe:/o:suse:sle-micro:5.4Security update for procps (Important)SUSE Linux Enterprise Micro 5.4
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
ImportantSUSE bug 1214290SUSE bug 1236842CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
ImportantSUSE bug 1237363SUSE bug 1237370SUSE bug 1237418CVE-2024-56171 at SUSECVE-2024-56171 at NVDCVE-2025-24928 at SUSECVE-2025-24928 at NVDCVE-2025-27113 at SUSECVE-2025-27113 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in
XkbChangeTypesOfKey() (bsc#1237431).
ModerateSUSE bug 1237431CVE-2025-26597 at SUSECVE-2025-26597 at NVDcpe:/o:suse:sle-micro:5.4Security update for u-boot (Moderate)SUSE Linux Enterprise Micro 5.4
This update for u-boot fixes the following issues:
- CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284).
- CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287).
ModerateSUSE bug 1237284SUSE bug 1237287CVE-2024-57256 at SUSECVE-2024-57256 at NVDCVE-2024-57258 at SUSECVE-2024-57258 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
ModerateSUSE bug 1236974CVE-2024-12243 at SUSECVE-2024-12243 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
ModerateSUSE bug 1234089SUSE bug 1237335CVE-2024-29018 at SUSECVE-2024-29018 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
ImportantSUSE bug 1237641CVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for python3-M2Crypto (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3-M2Crypto fixes the following issues:
- Fix spelling of BSD-2-Clause license.
- Update to 0.44.0:
- The real license is BSD 2-Clause, not MIT.
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
- Build for modern python stack on SLE/Leap
- require setuptools
- Make tests running again.
- Remove unnecessary fdupes call
- Add python-typing as a dependency
- SLE12 requires swig3 for a successful build, too ModerateSUSE bug 1205042SUSE bug 1231589SUSE bug 1236664CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1224700SUSE bug 1225742SUSE bug 1232905SUSE bug 1232919SUSE bug 1234154SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236661SUSE bug 1236675SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1224700SUSE bug 1225742SUSE bug 1232905SUSE bug 1232919SUSE bug 1234154SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236661SUSE bug 1236675SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.4Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libarchive fixes the following issues:
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).
ModerateSUSE bug 1238610CVE-2025-25724 at SUSECVE-2025-25724 at NVDcpe:/o:suse:sle-micro:5.4Security update for freetype2 (Important)SUSE Linux Enterprise Micro 5.4
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
ImportantSUSE bug 1239465CVE-2025-27363 at SUSECVE-2025-27363 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
- Security issues fixed:
* CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)
* CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400)
- Made syntax in httputil_test compatible with Python 3.6
- Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Improved wheel key.finger call (bsc#1240532)
- Improved utils.find_json function (bsc#1246130)
- Extended warn_until period to 2027
ImportantSUSE bug 1240532SUSE bug 1246130SUSE bug 1254325SUSE bug 1254400SUSE bug 1254903SUSE bug 1254904SUSE bug 1254905CVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-67724 at SUSECVE-2025-67724 at NVDCVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.4Security update for systemd (Important)SUSE Linux Enterprise Micro 5.4
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
ImportantSUSE bug 1259418SUSE bug 1259650SUSE bug 1259697CVE-2026-29111 at SUSECVE-2026-29111 at NVDCVE-2026-4105 at SUSECVE-2026-4105 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
ModerateSUSE bug 1254670SUSE bug 1259619CVE-2025-70873 at SUSECVE-2025-70873 at NVDCVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issue:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API
(bsc#1254867).
ModerateSUSE bug 1254867SUSE bug 1259829CVE-2025-66471 at SUSECVE-2025-66471 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). ImportantSUSE bug 1257181CVE-2026-1299 at SUSECVE-2026-1299 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: Fixed crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
- CVE-2026-28418: Fixed that a malformed tags file can cause an heap-based buffer overflow out-of-bounds read (bsc#1259052)
- CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053)
- CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054)
- CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault
- CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056)
ModerateSUSE bug 1246602SUSE bug 1258229SUSE bug 1259051SUSE bug 1259052SUSE bug 1259053SUSE bug 1259054SUSE bug 1259055SUSE bug 1259056CVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2026-26269 at SUSECVE-2026-26269 at NVDCVE-2026-28417 at SUSECVE-2026-28417 at NVDCVE-2026-28418 at SUSECVE-2026-28418 at NVDCVE-2026-28419 at SUSECVE-2026-28419 at NVDCVE-2026-28420 at SUSECVE-2026-28420 at NVDCVE-2026-28421 at SUSECVE-2026-28421 at NVDCVE-2026-28422 at SUSECVE-2026-28422 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
(bsc#1256645).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non security issues were fixed:
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
ImportantSUSE bug 1220137SUSE bug 1220144SUSE bug 1223007SUSE bug 1231084SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1238917SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1252785SUSE bug 1253028SUSE bug 1253409SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254767SUSE bug 1255075SUSE bug 1255171SUSE bug 1256623SUSE bug 1256645SUSE bug 1256726SUSE bug 1256792SUSE bug 1257231SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1257749SUSE bug 1257771SUSE bug 1257790SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.4
This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
ImportantSUSE bug 1259803CVE-2026-30922 at SUSECVE-2026-30922 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
ImportantSUSE bug 1259711SUSE bug 1259726SUSE bug 1259729CVE-2026-32776 at SUSECVE-2026-32776 at NVDCVE-2026-32777 at SUSECVE-2026-32777 at NVDCVE-2026-32778 at SUSECVE-2026-32778 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issues:
- CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
- incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes
(bsc#1259630).
ImportantSUSE bug 1254905SUSE bug 1259553SUSE bug 1259630CVE-2026-31958 at SUSECVE-2026-31958 at NVDcpe:/o:suse:sle-micro:5.4Security update for tar (Important)SUSE Linux Enterprise Micro 5.4
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
ImportantSUSE bug 1246399CVE-2025-45582 at SUSECVE-2025-45582 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issue:
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
ModerateSUSE bug 1256418CVE-2026-0716 at SUSECVE-2026-0716 at NVDcpe:/o:suse:sle-micro:5.4Security update for ignition (Important)SUSE Linux Enterprise Micro 5.4
This update for ignition fixes the following issue:
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260251)
ImportantSUSE bug 1260251CVE-2026-33186 at SUSECVE-2026-33186 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444SUSE bug 1260445CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDCVE-2026-31790 at SUSECVE-2026-31790 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
ImportantSUSE bug 1259845CVE-2026-27135 at SUSECVE-2026-27135 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an
out-of-bounds read with non validated message size (bsc#1253993)
ModerateSUSE bug 1253993CVE-2025-47914 at SUSECVE-2025-47914 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444SUSE bug 1260445CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDCVE-2026-31790 at SUSECVE-2026-31790 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680).
ImportantSUSE bug 1218680CVE-2022-36765 at SUSECVE-2022-36765 at NVDcpe:/o:suse:sle-micro:5.4Security update for gpg2 (Important)SUSE Linux Enterprise Micro 5.4
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
ImportantSUSE bug 1255715SUSE bug 1256244SUSE bug 1256246SUSE bug 1256390CVE-2025-68973 at SUSECVE-2025-68973 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
- Update AMD CPU ucode to 20251203 (bsc#1256483)
ImportantSUSE bug 1256483cpe:/o:suse:sle-micro:5.4Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issues:
- CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905).
- CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904).
ImportantSUSE bug 1254904SUSE bug 1254905CVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libsodium fixes the following issues:
- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
ModerateSUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDcpe:/o:suse:sle-micro:5.4Security update for libtasn1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
ModerateSUSE bug 1256341CVE-2025-13151 at SUSECVE-2025-13151 at NVDcpe:/o:suse:sle-micro:5.4Security update for net-snmp (Important)SUSE Linux Enterprise Micro 5.4
This update for net-snmp fixes the following issues:
- CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491)
ImportantSUSE bug 1255491CVE-2025-68615 at SUSECVE-2025-68615 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
ImportantSUSE bug 1254876SUSE bug 1256399CVE-2025-14523 at SUSECVE-2025-14523 at NVDCVE-2026-0719 at SUSECVE-2026-0719 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
ModerateSUSE bug 1254400SUSE bug 1254401SUSE bug 1254997CVE-2025-12084 at SUSECVE-2025-12084 at NVDCVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-13837 at SUSECVE-2025-13837 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033)
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1249806SUSE bug 1251786SUSE bug 1252033SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Critical)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
CriticalSUSE bug 1256830SUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-15467 at SUSECVE-2025-15467 at NVDCVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1249806SUSE bug 1251786SUSE bug 1252033SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
ModerateSUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libsodium fixes the following issues:
- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764).
ModerateSUSE bug 1255764SUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDCVE-2025-69277 at SUSECVE-2025-69277 at NVDcpe:/o:suse:sle-micro:5.4Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libvirt fixes the following issues:
Security fixes:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)
Other fixes:
- libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)
ModerateSUSE bug 1251822SUSE bug 1253278SUSE bug 1253703CVE-2025-12748 at SUSECVE-2025-12748 at NVDCVE-2025-13193 at SUSECVE-2025-13193 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
Security fixes:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
- CVE-2025-58149: Fixed incorrect removal od permissions on PCI
device unplug allow PV guests to access memory of devices no
longer assigned to it (XSA-476) (bsc#1252692)
Other fixes:
- Fixed virtxend service restart. Caused by a failure to start
xenstored (bsc#1254180)
ModerateSUSE bug 1252692SUSE bug 1254180SUSE bug 1256745SUSE bug 1256747CVE-2025-58149 at SUSECVE-2025-58149 at NVDCVE-2025-58150 at SUSECVE-2025-58150 at NVDCVE-2026-23553 at SUSECVE-2026-23553 at NVDcpe:/o:suse:sle-micro:5.4Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rsync fixes the following issues:
- CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441)
ModerateSUSE bug 1254441CVE-2025-10158 at SUSECVE-2025-10158 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
The following non security issues were fixed:
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1228015SUSE bug 1230185SUSE bug 1238896SUSE bug 1242006SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1249871SUSE bug 1250397SUSE bug 1252046SUSE bug 1252678SUSE bug 1253409SUSE bug 1253702SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254625SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254842SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254959SUSE bug 1254974SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255163SUSE bug 1255165SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255594SUSE bug 1255600SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255762SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255889SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255908SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255919SUSE bug 1255922SUSE bug 1255925SUSE bug 1255939SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256074SUSE bug 1256081SUSE bug 1256086SUSE bug 1256091SUSE bug 1256093SUSE bug 1256095SUSE bug 1256099SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256145SUSE bug 1256149SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256165SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256215SUSE bug 1256216SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256295SUSE bug 1256300SUSE bug 1256306SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256353SUSE bug 1256355SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432SUSE bug 1256582SUSE bug 1256612SUSE bug 1256641SUSE bug 1256744SUSE bug 1256779CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36348 at SUSECVE-2024-36348 at NVDCVE-2024-36349 at SUSECVE-2024-36349 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDCVE-2025-68771 at SUSECVE-2025-68771 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious
guest driver to crash the QEMU process on the host (bsc#1209554).
- CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious
privileged user to crash the QEMU process on the host (bsc#1227397).
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious
guest user to crash the QEMU process on the host (bsc#1253002).
Other updates and bugfixes:
- [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too.
- [openSUSE][RPM} spec: delete old specfile constructs.
- block/curl: fix curl internal handles handling (bsc#1252768).
- [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
ImportantSUSE bug 1209554SUSE bug 1227397SUSE bug 1252768SUSE bug 1253002SUSE bug 1254286CVE-2023-1544 at SUSECVE-2023-1544 at NVDCVE-2024-6505 at SUSECVE-2024-6505 at NVDCVE-2025-12464 at SUSECVE-2025-12464 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.4
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
ImportantSUSE bug 1256902CVE-2026-23490 at SUSECVE-2026-23490 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
ModerateSUSE bug 1248586SUSE bug 1254670CVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984).
ImportantSUSE bug 1250984CVE-2025-11234 at SUSECVE-2025-11234 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozjs60 fixes the following issues:
- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)
- CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602)
ModerateSUSE bug 1230036SUSE bug 1230037SUSE bug 1230038SUSE bug 1232602CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDCVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3_1 fixes the following issues:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
ModerateSUSE bug 1254866SUSE bug 1254867SUSE bug 1256331CVE-2025-66418 at SUSECVE-2025-66418 at NVDCVE-2025-66471 at SUSECVE-2025-66471 at NVDCVE-2026-21441 at SUSECVE-2026-21441 at NVDcpe:/o:suse:sle-micro:5.4Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.4
This update for rust-keylime fixes the following issues:
Update to version 0.2.8+116.
Security issues fixed:
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
(bsc#1257908).
Other updates and bugfixes:
- Update vendored crates `time` to version 0.3.47.
- Update to version 0.2.8+116:
* build(deps): bump bytes from 1.7.2 to 1.11.1
* api: Modify /version endpoint output in version 2.5
* Add API v2.5 with backward-compatible /v2.5/quotes/integrity
* tests: add unit test for resolve_agent_id (#1182)
* (pull-model): enable retry logic for registration
* rpm: Update specfiles to apply on master
* workflows: Add test to detect unused crates
* lib: Drop unused crates
* push-model: Drop unused crates
* keylime-agent: Drop unused crates
* build(deps): bump uuid from 1.18.1 to 1.19.0
* Update reqwest-retry to 0.8, retry-policies to 0.5
* rpm: Fix cargo_build macro usage on CentOS Stream
* fix(push-model): resolve hash_ek uuid to actual EK hash
* build(deps): bump thiserror from 2.0.16 to 2.0.17
* workflows: Separate upstream test suite from e2e coverage
* Send UEFI measured boot logs as raw bytes (#1173)
* auth: Add unit tests for SecretToken implementation
* packit: Enable push-attestation tests
* resilient_client: Prevent authentication token leakage in logs
- Use tmpfiles.d for /var directories (PED-14736)
- Update to version 0.2.8+96:
* build(deps): bump wiremock from 0.6.4 to 0.6.5
* build(deps): bump actions/checkout from 5 to 6
* build(deps): bump chrono from 0.4.41 to 0.4.42
* packit: Get coverage from Fedora 43 runs
* Fix issues pointed out by clippy
* Replace mutex unwraps with proper error handling in TPM library
* Remove unused session request methods from StructureFiller
* Fix config panic on missing ek_handle in push model agent
* build(deps): bump tempfile from 3.21.0 to 3.23.0
* build(deps): bump actions/upload-artifact from 4 to 6 (#1163)
* Fix clippy warnings project-wide
* Add KEYLIME_DIR support for verifier TLS certificates in push model agent
* Thread privileged resources and use MeasurementList for IMA reading
* Add privileged resource initialization and privilege dropping to push model agent
* Fix privilege dropping order in run_as()
* add documentation on FQDN hostnames
* Remove confusing logs for push mode agent
* Set correct default Verifier port (8891->8881) (#1159)
* Add verifier_url to reference configuration file (#1158)
* Add TLS support for Registrar communication (#1139)
* Fix agent handling of 403 registration responses (#1154)
* Add minor README.md rephrasing (#1151)
* build(deps): bump actions/checkout from 5 to 6 (#1153)
* ci: update spec files for packit COPR build
* docs: improve challenge encoding and async TPM documentation
* refactor: improve middleware and error handling
* feat: add authentication client with middleware integration
* docker: Include keylime_push_model_agent binary
* Include attestation_interval configuration (#1146)
* Persist payload keys to avoid attestation failure on restart
* crypto: Implement the load or generate pattern for keys
* Use simple algorithm specifiers in certification_keys object (#1140)
* tests: Enable more tests in CI
* Fix RSA2048 algorithm reporting in keylime agent
* Remove disabled_signing_algorithms configuration
* rpm: Fix metadata patches to apply to current code
* workflows/rpm.yml: Use more strict patching
* build(deps): bump uuid from 1.17.0 to 1.18.1
* Fix ECC algorithm selection and reporting for keylime agent
* Improve logging consistency and coherency
* Implement minimal RFC compliance for Location header and URI parsing (#1125)
* Use separate keys for payload mechanism and mTLS
* docker: update rust to 1.81 for distroless Dockerfile
* Ensure UEFI log capabilities are set to false
* build(deps): bump http from 1.1.0 to 1.3.1
* build(deps): bump log from 0.4.27 to 0.4.28
* build(deps): bump cfg-if from 1.0.1 to 1.0.3
* build(deps): bump actix-rt from 2.10.0 to 2.11.0
* build(deps): bump async-trait from 0.1.88 to 0.1.89
* build(deps): bump trybuild from 1.0.105 to 1.0.110
* Accept evidence handling structures null entries
* workflows: Add test to check if RPM patches still apply
* CI: Enable test add-agent-with-malformed-ek-cert
* config: Fix singleton tests
* FSM: Remove needless lifetime annotations (#1105)
* rpm: Do not remove wiremock which is now available in Fedora
* Use latest Fedora httpdate version (1.0.3)
* Enhance coverage with parse_retry_after test
* Fix issues reported by CI regarding unwrap() calls
* Reuse max retries indicated to the ResilientClient
* Include limit of retries to 5 for Retry-After
* Add policy to handle Retry-After response headers
* build(deps): bump wiremock from 0.6.3 to 0.6.4
* build(deps): bump serde_json from 1.0.140 to 1.0.143
* build(deps): bump pest_derive from 2.8.0 to 2.8.1
* build(deps): bump syn from 2.0.90 to 2.0.106
* build(deps): bump tempfile from 3.20.0 to 3.21.0
* build(deps): bump thiserror from 2.0.12 to 2.0.16
* rpm: Fix patches to apply to current master code
* build(deps): bump anyhow from 1.0.98 to 1.0.99
* state_machine: Automatically clean config override during tests
* config: Implement singleton and factory pattern
* testing: Support overriding configuration during tests
* feat: implement standalone challenge-response authentication module
* structures: rename session structs for clarity and fix typos
* tpm: refactor certify_credential_with_iak() into a more generic function
* Add Push Model Agent Mermaid FSM chart (#1095)
* Add state to avoid exiting on wrong attestation (#1093)
* Add 6 alphanumeric lowercase X-Request-ID header
* Enhance Evidence Handling response parsing
* build(deps): bump quote from 1.0.35 to 1.0.40
* build(deps): bump libc from 0.2.172 to 0.2.175
* build(deps): bump glob from 0.3.2 to 0.3.3
* build(deps): bump actix-web from 4.10.2 to 4.11.0
ImportantSUSE bug 1257908CVE-2026-25727 at SUSECVE-2026-25727 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
ImportantSUSE bug 1257049CVE-2026-0988 at SUSECVE-2026-0988 at NVDcpe:/o:suse:sle-micro:5.4Security update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda (Important)SUSE Linux Enterprise Micro 5.4
This update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- updated CUDA variant to version 580.126.09
- update non-CUDA variant to version 580.126.09 (bsc#1255858)
- update non-CUDA variant to version 580.119.02 (bsc#1254801)
Changes in nvidia-persistenced.cuda:
- update to version 580.126.09
Changes in nvidia-modprobe.cuda:
- update to version 580.126.09
ImportantSUSE bug 1254801SUSE bug 1255858cpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer
overflow (bsc#1257598).
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
- CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
ImportantSUSE bug 1243422SUSE bug 1256418SUSE bug 1257598CVE-2025-4476 at SUSECVE-2025-4476 at NVDCVE-2026-0716 at SUSECVE-2026-0716 at NVDCVE-2026-1761 at SUSECVE-2026-1761 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
ModerateSUSE bug 1255731SUSE bug 1255732SUSE bug 1255733SUSE bug 1255734SUSE bug 1256105CVE-2025-14017 at SUSECVE-2025-14017 at NVDCVE-2025-14524 at SUSECVE-2025-14524 at NVDCVE-2025-14819 at SUSECVE-2025-14819 at NVDCVE-2025-15079 at SUSECVE-2025-15079 at NVDCVE-2025-15224 at SUSECVE-2025-15224 at NVDcpe:/o:suse:sle-micro:5.4Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.4
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
ModerateSUSE bug 1254666CVE-2025-14104 at SUSECVE-2025-14104 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpcap (Low)SUSE Linux Enterprise Micro 5.4
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
LowSUSE bug 1255765CVE-2025-11961 at SUSECVE-2025-11961 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
ModerateSUSE bug 1256498SUSE bug 1256499SUSE bug 1256500CVE-2025-68276 at SUSECVE-2025-68276 at NVDCVE-2025-68468 at SUSECVE-2025-68468 at NVDCVE-2025-68471 at SUSECVE-2025-68471 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.4
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
ImportantSUSE bug 1256525SUSE bug 1256526SUSE bug 1257364SUSE bug 1257365SUSE bug 1258020CVE-2025-28162 at SUSECVE-2025-28162 at NVDCVE-2025-28164 at SUSECVE-2025-28164 at NVDCVE-2026-22695 at SUSECVE-2026-22695 at NVDCVE-2026-22801 at SUSECVE-2026-22801 at NVDCVE-2026-25646 at SUSECVE-2026-25646 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2026-0989: Fixe a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
ModerateSUSE bug 1250553SUSE bug 1256804SUSE bug 1256805SUSE bug 1256807SUSE bug 1256808SUSE bug 1256809SUSE bug 1256810SUSE bug 1256811SUSE bug 1256812SUSE bug 1257593SUSE bug 1257594SUSE bug 1257595CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2026-0989 at SUSECVE-2026-0989 at NVDCVE-2026-0990 at SUSECVE-2026-0990 at NVDCVE-2026-0992 at SUSECVE-2026-0992 at NVDCVE-2026-1757 at SUSECVE-2026-1757 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
The following non security issues were fixed:
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1220137SUSE bug 1220144SUSE bug 1223007SUSE bug 1228015SUSE bug 1230185SUSE bug 1231084SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1238896SUSE bug 1238917SUSE bug 1242006SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1249871SUSE bug 1250397SUSE bug 1252046SUSE bug 1252678SUSE bug 1252785SUSE bug 1253028SUSE bug 1253409SUSE bug 1253702SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254625SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254767SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254842SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254959SUSE bug 1254974SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255163SUSE bug 1255165SUSE bug 1255171SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255594SUSE bug 1255600SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255762SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255889SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255908SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255919SUSE bug 1255922SUSE bug 1255925SUSE bug 1255939SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256074SUSE bug 1256081SUSE bug 1256086SUSE bug 1256091SUSE bug 1256093SUSE bug 1256095SUSE bug 1256099SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256145SUSE bug 1256149SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256165SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256215SUSE bug 1256216SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256295SUSE bug 1256300SUSE bug 1256306SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256353SUSE bug 1256355SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432SUSE bug 1256582SUSE bug 1256612SUSE bug 1256623SUSE bug 1256641SUSE bug 1256726SUSE bug 1256744SUSE bug 1256779SUSE bug 1256792SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473SUSE bug 1257749SUSE bug 1257771SUSE bug 1257790CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36348 at SUSECVE-2024-36348 at NVDCVE-2024-36349 at SUSECVE-2024-36349 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:i
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
ImportantSUSE bug 1257029SUSE bug 1257031SUSE bug 1257041SUSE bug 1257042SUSE bug 1257044SUSE bug 1257046CVE-2025-11468 at SUSECVE-2025-11468 at NVDCVE-2025-15282 at SUSECVE-2025-15282 at NVDCVE-2025-15366 at SUSECVE-2025-15366 at NVDCVE-2025-15367 at SUSECVE-2025-15367 at NVDCVE-2026-0672 at SUSECVE-2026-0672 at NVDCVE-2026-0865 at SUSECVE-2026-0865 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904)
ModerateSUSE bug 1253904CVE-2025-58181 at SUSECVE-2025-58181 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access. (bsc#1229129)
- CVE-2025-31648: Improper handling of values in the microcode flow for
some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)
ImportantSUSE bug 1229129SUSE bug 1258046CVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2025-31648 at SUSECVE-2025-31648 at NVDcpe:/o:suse:sle-micro:5.4Security update for gpg2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals
in Literal Data (bsc#1256389)
ModerateSUSE bug 1256389cpe:/o:suse:sle-micro:5.4Security update for shim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
ModerateSUSE bug 1240871SUSE bug 1247432CVE-2024-2312 at SUSECVE-2024-2312 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxslt fixes the following issues:
- CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553).
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.3:
* CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568)
ModerateSUSE bug 1258568CVE-2026-2781 at SUSECVE-2026-2781 at NVDcpe:/o:suse:sle-micro:5.4Security update for openCryptoki (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openCryptoki fixes the following issues:
- CVE-2026-23893: Fixed privilege escalation or data exposure via symlink following (bsc#1257116)
ModerateSUSE bug 1257116CVE-2026-23893 at SUSECVE-2026-23893 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
ModerateSUSE bug 1257144SUSE bug 1257496CVE-2026-24515 at SUSECVE-2026-24515 at NVDCVE-2026-25210 at SUSECVE-2026-25210 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-32049: denial of service attack to websocket server (bsc#1240751).
- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
ImportantSUSE bug 1240751SUSE bug 1257398SUSE bug 1257441SUSE bug 1257597SUSE bug 1258120SUSE bug 1258170SUSE bug 1258508CVE-2025-32049 at SUSECVE-2025-32049 at NVDCVE-2026-1467 at SUSECVE-2026-1467 at NVDCVE-2026-1539 at SUSECVE-2026-1539 at NVDCVE-2026-1760 at SUSECVE-2026-1760 at NVDCVE-2026-2369 at SUSECVE-2026-2369 at NVDCVE-2026-2443 at SUSECVE-2026-2443 at NVDCVE-2026-2708 at SUSECVE-2026-2708 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-tornado (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issue:
- CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
ModerateSUSE bug 1254903CVE-2025-67724 at SUSECVE-2025-67724 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing
a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
ModerateSUSE bug 1257960CVE-2025-14831 at SUSECVE-2025-14831 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
ImportantSUSE bug 1246965SUSE bug 1256766SUSE bug 1256822SUSE bug 1257005CVE-2025-15281 at SUSECVE-2025-15281 at NVDCVE-2025-8058 at SUSECVE-2025-8058 at NVDCVE-2026-0861 at SUSECVE-2026-0861 at NVDCVE-2026-0915 at SUSECVE-2026-0915 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
ImportantSUSE bug 1259362SUSE bug 1259363SUSE bug 1259364SUSE bug 1259365CVE-2026-1965 at SUSECVE-2026-1965 at NVDCVE-2026-3783 at SUSECVE-2026-3783 at NVDCVE-2026-3784 at SUSECVE-2026-3784 at NVDCVE-2026-3805 at SUSECVE-2026-3805 at NVDcpe:/o:suse:sle-micro:5.4Security update for jq (Low)SUSE Linux Enterprise Micro 5.4
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
LowSUSE bug 1248600CVE-2025-9403 at SUSECVE-2025-9403 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.4Security update for docker (Important)SUSE Linux Enterprise Micro 5.4
This update for docker rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.4Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.4
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
ModerateSUSE bug 1258859CVE-2026-3184 at SUSECVE-2026-3184 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
ImportantSUSE bug 1238917SUSE bug 1255075SUSE bug 1256645SUSE bug 1257231SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.4NetworkManagerNetworkManager-bluetoothNetworkManager-cloud-setupNetworkManager-pppoeNetworkManager-tuiNetworkManager-wwanlibnm0typelib-1_0-NM-1_0SLE-Micro-releaseafterburnafterburn-dracutaideapparmor-parserlibapparmor1pam_apparmoraugeasaugeas-lenseslibaugeas0avahilibavahi-client3libavahi-common3libavahi-core7aws-clibashbash-shlibreadline7bcm43xx-firmwarebtrfsmaintenancebzip2libbz2-1chronychrony-pool-susecifs-utilscnicni-pluginsconmonconntrack-toolscontainerdcontainerized-data-importer-manifestscoolkeycoreutilscpiocracklibcracklib-dict-smalllibcrack2cryptsetuplibcryptsetup12libcryptsetup12-hmaccups-configlibcups2curllibcurl4cyrus-saslcyrus-sasl-digestmd5cyrus-sasl-gssapilibsasl2-3db48-utilslibdb-4_8dbus-1dbus-1-x11libdbus-1-3dnsmasqdockerdocker-libnetworkdocker-runcdracutdracut-fipsdracut-mkinitrd-deprecatede2fsprogslibcom_err2libext2fs2elfutilslibasm1libdw1libelf1filefile-magiclibmagic1firewalldpython3-firewallfuselibfuse2gdk-pixbuf-loader-rsvglibrsvg-2-2gdk-pixbuf-query-loaderslibgdk_pixbuf-2_0-0typelib-1_0-GdkPixbuf-2_0glib-networkingglib2-toolslibgio-2_0-0libglib-2_0-0libgmodule-2_0-0libgobject-2_0-0glibcglibc-develglibc-localeglibc-locale-basegnutlslibgnutls30libgnutls30-hmacgpg2gptfdiskgrepgroffgrub2grub2-arm64-efigrub2-i386-pcgrub2-powerpc-ieee1275grub2-s390x-emugrub2-snapper-plugingrub2-x86_64-efigrub2-x86_64-xengstreamerlibgstreamer-1_0-0gstreamer-plugins-baselibgstallocators-1_0-0libgstapp-1_0-0libgstaudio-1_0-0libgstgl-1_0-0libgstpbutils-1_0-0libgstriff-1_0-0libgsttag-1_0-0libgstvideo-1_0-0gtk2-toolslibgtk-2_0-0guestfs-dataguestfs-toolslibguestfs0perl-Sys-Guestfsgzipliblzma5xzhaproxyiscsiuiolibopeniscsiusr0_2_0open-iscsijqlibjq1kdumpkeepalivedkernel-defaultkernel-firmware-allkernel-firmware-amdgpukernel-firmware-ath10kkernel-firmware-ath11kkernel-firmware-atheroskernel-firmware-bluetoothkernel-firmware-bnx2kernel-firmware-brcmkernel-firmware-chelsiokernel-firmware-dpaa2kernel-firmware-i915kernel-firmware-intelkernel-firmware-iwlwifikernel-firmware-liquidiokernel-firmware-marvellkernel-firmware-mediakernel-firmware-mediatekkernel-firmware-mellanoxkernel-firmware-mwifiexkernel-firmware-networkkernel-firmware-nfpkernel-firmware-nvidiakernel-firmware-platformkernel-firmware-presterakernel-firmware-qcomkernel-firmware-qlogickernel-firmware-radeonkernel-firmware-realtekkernel-firmware-serialkernel-firmware-soundkernel-firmware-tikernel-firmware-ueaglekernel-firmware-usb-networkucode-amdkernel-rtkpartxlibmpath0multipath-toolskrb5kubevirt-manifestskubevirt-virtctllesslibX11-6libX11-datalibX11-xcb1libXcursor1libXext6libXfixes3libXi6libXinerama1libXrandr2libXrender1libXtst6libXv1libarchive13libaudit1libauparse0libblkid1libfdisk1libmount1libsmartcols1libuuid1util-linuxutil-linux-systemdlibbluetooth3libbrotlicommon1libbrotlidec1libbsd0libcairo-gobject2libcairo2libcares2libcolord2libcontainers-commonlibekmfweb1libkmipclient1s390-toolslibevent-2_1-8libexpat1libfreebl3libfreebl3-hmaclibsoftokn3libsoftokn3-hmacmozilla-nssmozilla-nss-certsmozilla-nss-toolslibfreetype6libfribidi0libgbm1libgcrypt20libgcrypt20-hmaclibgmp10libgraphite2-3libharfbuzz-gobject0libharfbuzz0typelib-1_0-HarfBuzz-0_0libhivex0perl-Win-Hivexlibhogweed6libnettle8libicu-suse65_1libicu65_1-bedatalibicu65_1-ledatalibidn2-0libjansson4libjbig2libjpeg8libjson-c3libksba8liblcms2-2libldap-2_4-2libldap-datalibldb2liblua5_3-5liblz4-1liblzo2-2libmicrohttpd12libmpfr6libmspack0libncurses6ncurses-utilsterminfoterminfo-baselibndp0libnewt0_52libnghttp2-14libonig4libopenssl-1_1-devellibopenssl1_1libopenssl1_1-hmacopenssl-1_1libopus0libosinfolibosinfo-1_0-0typelib-1_0-Libosinfo-1_0libp11-kit0p11-kitp11-kit-toolslibpango-1_0-0typelib-1_0-Pango-1_0libpcap1libpcre1libpcre2-8-0libpcsclite1pcsc-litelibpixman-1-0libpng16-16libpolkit0polkitlibprocps7procpslibprotobuf-lite20libproxy1libpython3_6m1_0python3python3-baselibrados2librbd1libseccomp2libsepol2libslirp0libsnmp40snmp-mibslibsolv-toolslibsoup-2_4-1libspice-server1libsqlite3-0sqlite3-tcllibssh-configlibssh4libssh2-1libsss_certmap0libsss_idmap0libsss_nss_idmap0sssdsssd-commonsssd-krb5-commonsssd-ldaplibsystemd0libudev1systemdsystemd-containersystemd-journal-remotesystemd-sysvinitudevlibtasn1libtasn1-6libtiff5libtirpc-netconfiglibtirpc3libtpms0libtss2-esys0libtss2-fapi1libtss2-mu0libtss2-rc0libtss2-sys1libtss2-tcti-device0libtss2-tctildr0tpm2-0-tsslibudisks2-0libudisks2-0_btrfslibudisks2-0_lvm2udisks2libunwindlibvirglrenderer1libvirt-clientlibvirt-daemonlibvirt-daemon-driver-interfacelibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-iscsi-directlibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-rbdlibvirt-daemon-driver-storage-scsilibvirt-daemon-qemulibvirt-libslibvmtools0open-vm-toolslibvorbis0libvorbisenc2libxkbcommon0libxml2-2libxml2-toolspython3-libxml2libxslt1libyajl2libyaml-cpp0_6libz1zlib-devellibzmq5libzstd1zstdlibzypplogin_defsshadowlogrotatemozilla-nsprnfs-clientnfs-kernel-serveropenscopenslpopensshopenssh-clientsopenssh-commonopenssh-fipsopenssh-serveropensslpampam_u2fperlperl-baseperl-ExtUtils-MakeMakerpermissionspodmanpodman-cni-configpolicycoreutilspolicycoreutils-develpolicycoreutils-python-utilspython3-policycoreutilspowerpc-utilspppprocmailpython3-Babelpython3-Jinja2python3-M2Cryptopython3-PyYAMLpython3-certifipython3-cryptographypython3-futurepython3-lxmlpython3-pypython3-requestspython3-rsapython3-saltsaltsalt-minionsalt-transactional-updatepython3-setuptoolspython3-urllib3qemuqemu-SLOFqemu-accel-tcg-x86qemu-armqemu-audio-spiceqemu-chardev-spiceqemu-guest-agentqemu-hw-display-qxlqemu-hw-display-virtio-gpuqemu-hw-display-virtio-vgaqemu-hw-usb-redirectqemu-ipxeqemu-ppcqemu-s390xqemu-seabiosqemu-sgabiosqemu-toolsqemu-ui-openglqemu-ui-spice-coreqemu-vgabiosqemu-x86qemu-ovmf-x86_64qemu-uefi-aarch64rpcbindrpmrsyncruncsamba-client-libssamba-libsshimslirp4netnssocatsquashfssudosupportutilsswtpmsysstattartpm2.0-toolstrousersu-boot-rpiarm64ucode-intelupdate-alternativesvim-data-commonvim-smallvirt-installvirt-manager-commonwickedwicked-servicewpa_supplicantxen-libszypperzypper-needs-restartingkernel-default-baselibwayland-client0libwayland-cursor0libwayland-egl1libwayland-server0dmidecodeopenssl-ibmcatftpboot-installation-SLE-Micro-5.4-aarch64tftpboot-installation-SLE-Micro-5.4-s390xtftpboot-installation-SLE-Micro-5.4-x86_64xxdignitionignition-dracut-grub2python3-jmespathpython3-plypython3-simplejsonpython3-pyzmqlibcap2python3-tornadolibopenssl3python3-configobjlibxmlsec1-1libxmlsec1-openssl1gawkca-certificates-mozillalibicu73_2libicu73_2-bedatalibicu73_2-ledatalibgcc_s1libstdc++6mdadmlibeconf0suse-module-toolslibzck1kernel-firmware-nvidia-gspx-G06nvidia-open-driver-G06-signed-kmp-defaultfdo-clientfdo-client-develtraceroutesuse-build-keykernel-source-rtcockpit-wickedpython3-idnapython3-rpmrpm-ndblibprotobuf-lite25_1_0podman-remotecockpitcockpit-bridgecockpit-networkmanagercockpit-selinuxcockpit-storagedcockpit-systemcockpit-wspython3-dnspythongtk3-datagtk3-schemagtk3-toolslibgtk-3-0typelib-1_0-Gtk-3_0liborc-0_4-0libatomic1libabsl2308_0_0libmozjs-60system-user-brlttys390-tools-genprotimg-dataiputilsscreenpam_pkcs11libbd_btrfs2libbd_crypto2libbd_fs2libbd_loop2libbd_lvm2libbd_mdraid2libbd_part2libbd_swap2libbd_utils2libblockdevlibblockdev2pam-configboost-license1_66_0libboost_system1_66_0libboost_thread1_66_0kernel-firmware-nvidia-gspx-G06-cudanv-prefer-signed-open-drivernvidia-open-driver-G06-signed-cuda-kmp-defaultrust-keylimeregionServiceClientConfigAzureregionServiceClientConfigEC2regionServiceClientConfigGCEnet-toolschrony-pool-emptylibprocps8python3-pyasn1libsodium23qemu-hw-display-virtio-gpu-pcidocker-buildxopenCryptoki(aarch64|ppc64le|s390x|x86_64)0:1.38.2-150400.1.35.4(aarch64|ppc64le|s390x|x86_64)0:5.2.0-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:0.16-24.1(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150400.5.3.1(aarch64|ppc64le|s390x|x86_64)0:1.12.0-150400.3.3.6(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.5.73(aarch64|ppc64le|s390x|x86_64)0:1.24.4-150200.30.8.1(aarch64|ppc64le|s390x|x86_64)0:4.4-150400.25.22(aarch64|ppc64le|s390x|x86_64)0:7.0-150400.25.22(aarch64|ppc64le|s390x|x86_64)0:20180314-150400.28.5(aarch64|ppc64le|s390x|x86_64)0:0.4.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.0.8-150400.1.122(aarch64|ppc64le|s390x|x86_64)0:4.1-150400.19.4(aarch64|ppc64le|s390x|x86_64)0:6.15-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.7.1-150100.3.8.1(aarch64|ppc64le|s390x|x86_64)0:0.8.6-150100.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.1.5-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.4.5-1.46(aarch64|ppc64le|s390x|x86_64)0:1.6.12-150000.79.1(aarch64|ppc64le|s390x|x86_64)0:1.51.0-150400.4.7.1(aarch64|ppc64le|s390x|x86_64)0:1.1.0-1.31(aarch64|ppc64le|s390x|x86_64)0:8.32-150400.7.5(aarch64|ppc64le|s390x|x86_64)0:2.13-150400.1.98(aarch64|ppc64le|s390x|x86_64)0:2.9.7-11.6.1(aarch64|ppc64le|s390x|x86_64)0:2.4.3-150400.1.110(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.35.1(aarch64|ppc64le|s390x|x86_64)0:7.79.1-150400.5.15.1(aarch64|ppc64le|s390x|x86_64)0:2.1.27-150300.4.6.1(aarch64|ppc64le|s390x|x86_64)0:4.8.30-150000.7.6.1(aarch64|ppc64le|s390x|x86_64)0:1.12.2-150400.18.5.1(aarch64|ppc64le|s390x|x86_64)0:2.86-150400.14.3(aarch64|ppc64le|s390x|x86_64)0:20.10.17_ce-150000.169.1(aarch64|ppc64le|s390x|x86_64)0:0.7.0.1+gitr2908_55e924b8a842-4.31.1(aarch64|ppc64le|s390x|x86_64)0:1.0.0rc10+gitr3981_dc9208a3303f-6.45.3(aarch64|ppc64le|s390x|x86_64)0:055+suse.331.g05b9ccb7-150400.3.16.1(aarch64|ppc64le|s390x|x86_64)0:1.46.4-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.185-150400.5.3.1(aarch64|ppc64le|s390x|x86_64)0:5.32-7.14.1(aarch64|ppc64le|s390x|x86_64)0:0.9.3-150400.8.6.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.52.9-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.42.9-150400.5.6.1(aarch64|ppc64le|s390x|x86_64)0:2.70.1-150400.1.6(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.41.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.27.1(aarch64|ppc64le|s390x|x86_64)0:2.2.27-150300.3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.0.8-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:3.1-150000.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.22.4-150400.3.4(aarch64|ppc64le|s390x|x86_64)0:2.06-150400.11.17.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150400.1.9(aarch64|ppc64le|s390x|x86_64)0:2.24.33-150400.2.11(aarch64|ppc64le|s390x|x86_64)0:1.44.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.10-150200.10.1(aarch64|ppc64le|s390x|x86_64)0:5.2.3-150000.4.7.1(aarch64|ppc64le|s390x|x86_64)0:2.4.8+git0.d1f8d41e0-150400.3.10.1(aarch64|ppc64le|s390x|x86_64)0:0.7.8.6-150400.39.8.1(aarch64|ppc64le|s390x|x86_64)0:2.1.7-150400.39.8.1(aarch64|ppc64le|s390x|x86_64)0:1.6-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2+git20.g64239cc-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.2.2-150400.3.7.2(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150400.24.46.1(aarch64|ppc64le|s390x|x86_64)0:20220509-150400.4.13.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150400.15.11.1(aarch64|ppc64le|s390x|x86_64)0:0.9.0+62+suse.3e048d4-150400.4.7.1(aarch64|ppc64le|s390x|x86_64)0:1.19.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.54.0-150400.3.7.1(aarch64|ppc64le|s390x|x86_64)0:590-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.6.5-150000.3.24.1(aarch64|ppc64le|s390x|x86_64)0:1.1.15-1.18(aarch64|ppc64le|s390x|x86_64)0:1.3.3-1.30(aarch64|ppc64le|s390x|x86_64)0:6.0.0-150400.1.4(aarch64|ppc64le|s390x|x86_64)0:1.7.9-3.2.1(aarch64|ppc64le|s390x|x86_64)0:1.1.3-1.22(aarch64|ppc64le|s390x|x86_64)0:1.5.1-2.17(aarch64|ppc64le|s390x|x86_64)0:0.9.10-1.30(aarch64|ppc64le|s390x|x86_64)0:1.2.3-1.24(aarch64|ppc64le|s390x|x86_64)0:1.0.11-1.23(aarch64|ppc64le|s390x|x86_64)0:3.5.1-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.0.6-150400.2.13(aarch64|ppc64le|s390x|x86_64)0:2.37.2-150400.8.14.1(aarch64|ppc64le|s390x|x86_64)0:5.62-150400.4.8.1(aarch64|ppc64le|s390x|x86_64)0:1.0.7-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.8.7-3.3.17(aarch64|ppc64le|s390x|x86_64)0:1.16.0-150400.9.6(aarch64|ppc64le|s390x|x86_64)0:1.19.0-150000.3.20.1(aarch64|ppc64le|s390x|x86_64)0:1.4.5-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:20210626-150400.1.3(aarch64|ppc64le|s390x|x86_64)0:2.19.0-150400.7.15.2(aarch64|ppc64le|s390x|x86_64)0:2.1.8-2.23(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.79.4-150400.3.26.1(aarch64|ppc64le|s390x|x86_64)0:2.10.4-150000.4.12.1(aarch64|ppc64le|s390x|x86_64)0:1.0.10-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:21.2.4-150400.68.9.1(aarch64|ppc64le|s390x|x86_64)0:1.9.4-150400.6.5.1(aarch64|ppc64le|s390x|x86_64)0:6.1.2-4.9.1(aarch64|ppc64le|s390x|x86_64)0:1.3.11-150000.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.4.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.3.21-150400.2.10(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.2.21(aarch64|ppc64le|s390x|x86_64)0:65.1-150200.4.5.1(aarch64|ppc64le|s390x|x86_64)0:2.2.0-3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.9-1.24(aarch64|ppc64le|s390x|x86_64)0:2.1-3.2.1(aarch64|ppc64le|s390x|x86_64)0:8.2.2-150400.15.9(aarch64|ppc64le|s390x|x86_64)0:0.13-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.3.5-150000.4.6.1(aarch64|ppc64le|s390x|x86_64)0:2.12-150400.1.10(aarch64|ppc64le|s390x|x86_64)0:2.4.46-150200.14.11.2(aarch64|ppc64le|s390x|x86_64)0:2.4.3-150400.4.8.1(aarch64|ppc64le|s390x|x86_64)0:5.3.6-3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.9.3-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:2.10-2.22(aarch64|ppc64le|s390x|x86_64)0:0.9.57-1.33(aarch64|ppc64le|s390x|x86_64)0:4.0.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6-3.14.1(aarch64|ppc64le|s390x|x86_64)0:6.1-150000.5.12.1(aarch64|ppc64le|s390x|x86_64)0:1.6-1.26(aarch64|ppc64le|s390x|x86_64)0:0.52.20-5.35(aarch64|ppc64le|s390x|x86_64)0:1.40.0-6.1(aarch64|ppc64le|s390x|x86_64)0:6.7.0-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150400.7.25.1(aarch64|ppc64le|s390x|x86_64)0:1.3.1-150000.3.8.1(aarch64|ppc64le|s390x|x86_64)0:1.7.1-150400.8.6(aarch64|ppc64le|s390x|x86_64)0:0.23.22-150400.1.10(aarch64|ppc64le|s390x|x86_64)0:1.50.4-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.10.1-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:8.45-150000.20.13.1(aarch64|ppc64le|s390x|x86_64)0:10.39-150400.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.9.4-150400.1.9(aarch64|ppc64le|s390x|x86_64)0:0.40.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.6.34-3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.116-3.9.1(aarch64|ppc64le|s390x|x86_64)0:3.3.15-150000.7.28.1(aarch64|ppc64le|s390x|x86_64)0:3.9.2-150200.4.19.2(aarch64|ppc64le|s390x|x86_64)0:0.4.17-150400.1.8(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.40.1(aarch64|ppc64le|s390x|x86_64)0:16.2.9.536+g41a9f9a5573-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.5.3-150400.2.4(aarch64|ppc64le|s390x|x86_64)0:3.4-150400.1.11(aarch64|ppc64le|s390x|x86_64)0:4.3.1-150300.11.1(aarch64|ppc64le|s390x|x86_64)0:5.9.3-150300.15.8.1(aarch64|ppc64le|s390x|x86_64)0:0.7.22-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.1.6(aarch64|ppc64le|s390x|x86_64)0:0.15.0-150400.2.8(aarch64|ppc64le|s390x|x86_64)0:3.39.3-150000.3.20.1(aarch64|ppc64le|s390x|x86_64)0:0.9.6-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.9.0-4.13.1(aarch64|ppc64le|s390x|x86_64)0:2.5.2-150400.4.11.1(aarch64|ppc64le|s390x|x86_64)0:249.15-150400.8.22.1(aarch64|ppc64le|s390x|x86_64)0:4.13-150000.4.8.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.25.1(aarch64|ppc64le|s390x|x86_64)0:1.2.6-150300.3.17.1(aarch64|ppc64le|s390x|x86_64)0:0.8.2-150300.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.9.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.5.0-4.5.1(aarch64|ppc64le|s390x|x86_64)0:0.9.1-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:8.0.0-150400.7.3.1(aarch64|ppc64le|s390x|x86_64)0:12.1.0-150300.21.2(aarch64|ppc64le|s390x|x86_64)0:1.3.6-150000.4.5.2(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150400.1.13(aarch64|ppc64le|s390x|x86_64)0:2.9.14-150400.5.13.1(aarch64|ppc64le|s390x|x86_64)0:1.1.34-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-150000.4.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.3-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-150000.3.39.1(aarch64|ppc64le|s390x|x86_64)0:4.2.3-3.15.4(aarch64|ppc64le|s390x|x86_64)0:1.5.0-150400.1.71(aarch64|ppc64le|s390x|x86_64)0:17.31.2-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:3.18.1-150400.3.7.1(aarch64|ppc64le|s390x|x86_64)0:4.34.1-150000.3.26.1(aarch64|ppc64le|s390x|x86_64)0:2.1.1-150100.10.27.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:2.0.0-6.15.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.15.4(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.61.1(aarch64|ppc64le|s390x|x86_64)0:1.2.0-150400.2.4(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.11.1(aarch64|ppc64le|s390x|x86_64)0:7.62-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:20201225-150400.5.16.1(aarch64|ppc64le|s390x|x86_64)0:4.3.1-150400.4.11.1(aarch64|ppc64le|s390x|x86_64)0:3.4-150400.1.1(aarch64|ppc64le|s390x|x86_64)0:1.3.10-150400.19.9.1(aarch64|ppc64le|s390x|x86_64)0:2.4.7-150000.5.8.1(aarch64|ppc64le|s390x|x86_64)0:3.22-2.34(aarch64|ppc64le|s390x|x86_64)0:2.8.0-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.10.1-3.10.2(aarch64|ppc64le|s390x|x86_64)0:0.38.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:5.4.1-1.1(aarch64|ppc64le|s390x|x86_64)0:2018.1.18-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.3.2-150400.16.3.1(aarch64|ppc64le|s390x|x86_64)0:0.18.2-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.7.1-150200.3.10.1(aarch64|ppc64le|s390x|x86_64)0:1.10.0-150100.5.12.1(aarch64|ppc64le|s390x|x86_64)0:2.24.0-1.24(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150000.3.7.1(aarch64|ppc64le|s390x|x86_64)0:3004-150400.8.20.1(aarch64|ppc64le|s390x|x86_64)0:44.1.1-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.25.10-4.3.1(aarch64|ppc64le|s390x|x86_64)0:6.2.0-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:1.0.0+-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:1.15.0_0_g2dd4b9b-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:8-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:202202-150400.5.5.1(aarch64|ppc64le|s390x|x86_64)0:0.2.3-5.9.2(aarch64|ppc64le|s390x|x86_64)0:4.14.3-150300.52.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150400.3.8.1(aarch64|ppc64le|s390x|x86_64)0:1.1.4-150000.36.1(aarch64|ppc64le|s390x|x86_64)0:4.15.13+git.591.ab36624310c-150400.3.19.1(aarch64|ppc64le|s390x|x86_64)0:15.4-4.7.1(aarch64|ppc64le|s390x|x86_64)0:0.4.7-3.15.1(aarch64|ppc64le|s390x|x86_64)0:1.7.3.2-4.10(aarch64|ppc64le|s390x|x86_64)0:4.4-1.1(aarch64|ppc64le|s390x|x86_64)0:1.9.9-150400.4.12.1(aarch64|ppc64le|s390x|x86_64)0:3.1.21-150300.7.35.15.1(aarch64|ppc64le|s390x|x86_64)0:0.5.3-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:12.0.2-3.33.1(aarch64|ppc64le|s390x|x86_64)0:1.34-150000.3.31.1(aarch64|ppc64le|s390x|x86_64)0:5.2-150400.4.6(aarch64|ppc64le|s390x|x86_64)0:0.3.15-150400.1.10(aarch64|ppc64le|s390x|x86_64)0:2021.10-150400.4.11.1(aarch64|ppc64le|s390x|x86_64)0:20230214-150200.21.1(aarch64|ppc64le|s390x|x86_64)0:1.19.0.4-150000.4.4.1(aarch64|ppc64le|s390x|x86_64)0:9.0.1234-150000.5.34.1(aarch64|ppc64le|s390x|x86_64)0:4.0.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.70-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.9-150000.4.36.1(aarch64|ppc64le|s390x|x86_64)0:4.16.3_02-150400.4.19.1(aarch64|ppc64le|s390x|x86_64)0:1.14.57-150400.3.9.1(aarch64|x86_64)0:16.2.11.58+g38d6afd3b78-150400.3.6.1(x86_64)0:5.14.21-150400.15.18.1(aarch64|s390x|x86_64)0:1.9.9-150400.4.26.1(aarch64|s390x|x86_64)0:0.9.57-150000.3.3.1(aarch64|s390x|x86_64)0:1.5.0-150400.3.3.1(aarch64|s390x|x86_64)0:2.4.4-150400.4.11.1(aarch64|s390x|x86_64)0:4.15.13+git.636.53d93c5b9d6-150400.3.23.1(aarch64|x86_64)0:15.7-150300.4.11.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.55.3(aarch64|s390x|x86_64)0:5.14.21-150400.24.55.3.150400.24.22.7(aarch64|s390x|x86_64)0:2.31-150300.46.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.31.2(aarch64|s390x|x86_64)0:2.1.5-150400.3.6.1(aarch64|s390x|x86_64)0:4.4.4-150400.4.16.1(noarch)0:4.4.4-150400.4.16.1(aarch64|s390x|x86_64)0:1.6.19-150000.87.1(aarch64|s390x|x86_64)0:3.4.0-150400.3.6.1(aarch64|s390x|x86_64)0:1.19.0-150400.3.3.1(aarch64|s390x|x86_64)0:99~1.19.0-150400.3.3.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.60.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.60.1.150400.24.24.3(aarch64|s390x|x86_64)0:1.1.1l-150400.7.34.1(aarch64|x86_64)0:3.4-150400.16.8.1(x86_64)0:1.51.0-150400.4.13.1(x86_64)0:0.54.0-150400.3.13.1(x86_64)0:5.14.21-150400.15.23.1(aarch64|s390x|x86_64)0:0.8-150400.7.3.1(aarch64|s390x|x86_64)0:1.1.5-150000.41.1(s390x)0:2.4.0-150400.4.8.1(aarch64|s390x|x86_64)0:0.8.2-150300.3.9.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.16.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.8.1(noarch)0:16.57.26-150400.3.2.1(aarch64|x86_64)0:15.7-150300.4.16.1(noarch)0:9.0.1443-150000.5.40.1(aarch64|s390x|x86_64)0:9.0.1443-150000.5.40.1(aarch64|s390x|x86_64)0:6.1-150000.5.15.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.2.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.63.1(aarch64|x86_64)0:5.14.21-150400.24.63.1.150400.24.27.1(aarch64|s390x|x86_64)0:2.1.5-150400.3.8.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.23.1(x86_64)0:5.14.21-150400.15.28.2(noarch)0:202202-150400.5.10.1(x86_64)0:20230512-150200.24.1(aarch64|s390x|x86_64)0:1.6.19-150000.90.3(aarch64|s390x|x86_64)0:1.1.5-150000.43.1(aarch64|s390x|x86_64)0:1.19.1-150000.3.23.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.13.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.10.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.28.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.37.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.43.1(aarch64|s390x|x86_64)0:8.0.0-150400.7.6.1(aarch64|x86_64)0:8.0.0-150400.7.6.1(aarch64|s390x|x86_64)0:2.4.46-150200.14.14.1(noarch)0:2.4.46-150200.14.14.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.3.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.48.1(noarch)0:0.9.3-150000.3.3.4(noarch)0:3.10-150000.3.3.4(aarch64|s390x|x86_64)0:3006.0-150400.8.34.2(aarch64|s390x|x86_64)0:3.17.2-150300.3.2.3(aarch64|s390x|x86_64)0:17.1.2-150000.3.5.2(x86_64)0:12.2.0-150300.29.1(aarch64|s390x|x86_64)0:5.62-150400.4.13.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.30.1(noarch)0:1.6.5-150000.3.30.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.46.1(noarch)0:9.0.1572-150000.5.46.1(aarch64|s390x|x86_64)0:9.0.1572-150000.5.46.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.42.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.66.1(aarch64|x86_64)0:5.14.21-150400.24.66.1.150400.24.29.1(aarch64|s390x|x86_64)0:2.63-150400.3.3.1(x86_64)0:5.14.21-150400.15.37.2(x86_64)0:5.14.21-150400.15.40.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.69.1(aarch64|x86_64)0:5.14.21-150400.24.69.1.150400.24.31.1(noarch)0:2.24.0-150300.3.3.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.12.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.15.1(aarch64|s390x|x86_64)0:1.12.2-150400.18.8.1(aarch64|s390x|x86_64)0:5.26.1-150300.17.14.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.26.1(aarch64|s390x|x86_64)0:4.15.13+git.663.9c654e06cdb-150400.3.28.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.22.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.48.1(aarch64|s390x|x86_64)0:2.1.7-150400.3.11.1(x86_64)0:1.51.0-150400.4.16.1(aarch64|s390x|x86_64)0:2.52.10-150400.3.6.1(noarch)0:20220509-150400.4.19.1(x86_64)0:0.54.0-150400.3.19.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.6.1(aarch64|s390x|x86_64)0:3006.0-150400.8.37.2(aarch64|s390x|x86_64)0:5.14.21-150400.24.74.1(aarch64|x86_64)0:5.14.21-150400.24.74.1.150400.24.33.3(aarch64|s390x|x86_64)0:1.20.1-150400.3.3.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.20.1(x86_64)0:6.2.0-150400.37.20.1(aarch64)0:6.2.0-150400.37.20.1(noarch)0:1.0.0+-150400.37.20.1(s390x)0:6.2.0-150400.37.20.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.20.1(noarch)0:8-150400.37.20.1(aarch64|s390x|x86_64)0:5.62-150400.4.16.1(s390x|x86_64)0:3.0.8-150400.4.34.1(aarch64|s390x|x86_64)0:2.1.0-150000.4.6.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.81.1(aarch64|x86_64)0:5.14.21-150400.24.81.1.150400.24.35.3(x86_64)0:5.14.21-150400.15.46.1(aarch64|s390x|x86_64)0:10.39-150400.4.9.1(noarch)0:20220509-150400.4.22.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.6.1(noarch)0:5.0.6-150000.3.3.1(x86_64)0:20230808-150200.27.1(x86_64)0:4.16.5_02-150400.4.31.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.53.1(x86_64)0:1.2.37-150400.14.3.4(aarch64|s390x|x86_64)0:4.2.1-150000.3.3.1(noarch)0:2.62-150200.30.1(aarch64|s390x|x86_64)0:2.10.4-150000.4.15.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.16.1(aarch64|s390x|x86_64)0:3.3.15-150000.7.34.1(x86_64)0:12.2.0-150300.33.1(aarch64|s390x|x86_64)0:24.0.5_ce-150000.185.1(aarch64|s390x|x86_64)0:1.9.0-150000.4.16.1(aarch64|s390x|x86_64)0:73.2-150000.1.3.1(noarch)0:73.2-150000.1.3.1(noarch)0:4.8.1-150400.3.3.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.3.1(aarch64|s390x|x86_64)0:12.3.0+git1204-150000.1.16.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.22.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.51.2(aarch64|s390x|x86_64)0:0.7.1-150100.3.14.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.17.1(aarch64|s390x|x86_64)0:1.6.21-150000.95.1(noarch)0:3.1.26-150300.7.35.21.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.29.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.51.1(x86_64)0:4.16.5_04-150400.4.34.1(x86_64)0:12.3.0-150300.37.1(aarch64|s390x|x86_64)0:3006.0-150400.8.44.1(aarch64|s390x|x86_64)0:1.1.8-150000.49.1(aarch64|s390x|x86_64)0:4.1-150300.24.33.1(aarch64|s390x|x86_64)0:0.5.2-150400.3.6.1(noarch)0:9.0.1894-150000.5.54.1(aarch64|s390x|x86_64)0:9.0.1894-150000.5.54.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.33.1(noarch)0:1.6.5-150000.3.33.1(x86_64)0:5.14.21-150400.15.53.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.88.1(aarch64|x86_64)0:5.14.21-150400.24.88.1.150400.24.40.1(aarch64|s390x|x86_64)0:1.40.0-150200.9.1(aarch64|s390x|x86_64)0:2.1.7-150400.3.14.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.32.1(x86_64)0:4.16.5_06-150400.4.37.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.23.1(x86_64)0:6.2.0-150400.37.23.1(aarch64)0:6.2.0-150400.37.23.1(noarch)0:1.0.0+-150400.37.23.1(s390x)0:6.2.0-150400.37.23.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.23.1(noarch)0:8-150400.37.23.1(aarch64|s390x|x86_64)0:4.15.13+git.691.3d3cea0641-150400.3.31.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.92.1(aarch64|x86_64)0:5.14.21-150400.24.92.1.150400.24.42.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.6.1(x86_64)0:5.14.21-150400.15.56.1(noarch)0:1.25.10-150300.4.6.1(aarch64|s390x|x86_64)0:2.31-150300.63.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.16.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.20.1(aarch64|s390x|x86_64)0:15.4.18-150400.3.14.1(aarch64|s390x|x86_64)0:2.06-150400.11.38.1(noarch)0:2.06-150400.11.38.1(s390x)0:2.06-150400.11.38.1(aarch64|s390x|x86_64)0:13.2.1+git7813-150000.1.3.3(aarch64|s390x|x86_64)0:3.0.8-150400.4.37.1(aarch64|s390x|x86_64)0:1.11.0-150000.4.19.1(aarch64|s390x|x86_64)0:1.40.0-150200.12.1(aarch64|s390x|x86_64)0:1.2.11-150000.3.48.1(aarch64|s390x|x86_64)0:1.1.16-150400.3.7.1(x86_64)0:12.3.0-150300.43.1(x86_64)0:5.14.21-150400.15.59.1(x86_64)0:0.54.0-150400.3.23.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.32.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.97.1(aarch64|x86_64)0:5.14.21-150400.24.97.1.150400.24.44.2(aarch64|s390x|x86_64)0:3006.0-150400.8.49.2(aarch64|s390x|x86_64)0:3.17.2-150300.3.4.1(x86_64)0:1.51.0-150400.4.20.2(aarch64|x86_64)0:535.129.03-150400.9.12.1(aarch64|x86_64)0:535.129.03_k5.14.21_150400.24.92-150400.9.27.1(x86_64)0:20231113-150200.32.1(noarch)0:1.25.10-150300.4.9.1(x86_64)0:4.16.5_08-150400.4.40.1(x86_64)0:20231114-150200.35.1(aarch64|s390x|x86_64)0:0.8-150400.7.10.1(noarch)0:44.1.1-150400.9.6.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.60.2(aarch64|s390x|x86_64)0:2.9.14-150400.5.25.1(aarch64|s390x|x86_64)0:1.0.0+git20210816.baa09b5-150400.3.3.1(noarch)0:9.0.2103-150000.5.57.1(aarch64|s390x|x86_64)0:9.0.2103-150000.5.57.1(aarch64|s390x|x86_64)0:4.6.1-150300.3.3.1(aarch64|s390x|x86_64)0:3.44.0-150000.3.23.1(aarch64|s390x|x86_64)0:2.0.21-150000.3.3.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.19.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.42.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.36.1(noarch)0:20220509-150400.4.25.1(noarch)0:12.0-150000.8.37.1(x86_64)0:1.51.0-150400.4.23.1(x86_64)0:0.54.0-150400.3.26.1(aarch64|s390x|x86_64)0:1.7.8-150000.103.1(aarch64|s390x|x86_64)0:1.1.10-150000.55.1(x86_64)0:5.14.21-150400.15.62.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.100.2(aarch64|x86_64)0:5.14.21-150400.24.100.2.150400.24.46.2(aarch64|s390x|x86_64)0:3.3.2-150400.23.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.35.1(aarch64|s390x|x86_64)0:6.1-150000.5.20.1(aarch64|s390x|x86_64)0:0.8-150400.7.13.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.27.1(aarch64|s390x|x86_64)0:24.0.7_ce-150000.190.4(aarch64|s390x|x86_64)0:2.4.7-150000.5.13.1(aarch64|s390x|x86_64)0:2.1-150000.3.5.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.38.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.27.1(noarch)0:1.6.5-150000.3.27.1(aarch64|x86_64)0:3.3.2-150400.16.6.1(noarch)0:9.0.1386-150000.5.37.1(aarch64|s390x|x86_64)0:9.0.1386-150000.5.37.1(aarch64|s390x|x86_64)0:20.10.23_ce-150000.175.1(x86_64)0:4.16.3_06-150400.4.25.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.45.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.14.2(x86_64)0:6.2.0-150400.37.14.2(aarch64)0:6.2.0-150400.37.14.2(noarch)0:1.0.0+-150400.37.14.2(s390x)0:6.2.0-150400.37.14.2(noarch)0:1.15.0_0_g2dd4b9b-150400.37.14.2(noarch)0:8-150400.37.14.2(aarch64|s390x|x86_64)0:0.116-150200.3.12.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.9.1(aarch64|s390x|x86_64)0:0.8-150400.7.16.1(aarch64|s390x|x86_64)0:4.4.4-150400.4.22.1(noarch)0:4.4.4-150400.4.22.1(aarch64|s390x|x86_64)0:8.0.0-150400.7.11.2(aarch64|x86_64)0:8.0.0-150400.7.11.2(x86_64)0:4.16.5_14-150400.4.52.1(aarch64|s390x|x86_64)0:2.4.4-150400.3.17.1(aarch64|s390x|x86_64)0:6.1-150000.5.24.1(aarch64|s390x|x86_64)0:1.19.1-150000.3.26.1(x86_64)0:20240312-150200.38.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.18.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.22.3(aarch64|s390x|x86_64)0:8.0.1-150400.5.44.1(aarch64|s390x|x86_64)0:1.40.0-150200.17.1(aarch64|s390x|x86_64)0:2.37.2-150400.8.29.1(aarch64|s390x|x86_64)0:590-150400.3.6.2(x86_64)0:4.16.6_02-150400.4.55.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.44.1(x86_64)0:5.14.21-150400.15.65.1(x86_64)0:5.14.21-150400.15.76.1(noarch)0:5.14.21-150400.15.76.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.116.1(aarch64|x86_64)0:5.14.21-150400.24.116.1.150400.24.54.5(aarch64|s390x|x86_64)0:1.3.0-150000.6.66.1(aarch64|x86_64)0:15.8-150300.4.20.2(aarch64|s390x|x86_64)0:2.31-150300.74.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.29.1(x86_64)0:6.2.0-150400.37.29.1(aarch64)0:6.2.0-150400.37.29.1(noarch)0:1.0.0+-150400.37.29.1(s390x)0:6.2.0-150400.37.29.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.29.1(noarch)0:8-150400.37.29.1(aarch64|s390x|x86_64)0:0.9.8-150400.3.3.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.9.1(noarch)0:4.5-150400.3.3.1(noarch)0:2.6-150000.3.3.1(aarch64|s390x|x86_64)0:4.14.3-150400.59.16.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.103.1(aarch64|x86_64)0:5.14.21-150400.24.103.1.150400.24.48.1(aarch64|s390x|x86_64)0:2.5.2-150400.4.27.1(aarch64|s390x|x86_64)0:590-150400.3.9.1(aarch64|s390x|x86_64)0:3.1.0-150400.3.6.1(aarch64|s390x|x86_64)0:5.2-150400.6.3.1(aarch64|s390x|x86_64)0:25.1-150400.9.6.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.119.1(aarch64|x86_64)0:5.14.21-150400.24.119.1.150400.24.56.1(x86_64)0:5.14.21-150400.15.79.1(noarch)0:5.14.21-150400.15.79.1(aarch64|s390x|x86_64)0:1.16.0-150400.11.3.1(aarch64|s390x|x86_64)0:5.26.1-150300.17.17.1(x86_64)0:20240514-150200.41.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.11.1(noarch)0:2.10.1-150000.3.13.1(noarch)0:2.25.1-150300.3.9.1(aarch64|s390x|x86_64)0:2.31-150300.83.1(aarch64|s390x|x86_64)0:1.20.1-150400.3.8.2(aarch64|s390x|x86_64)0:3.0.8-150400.4.54.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.66.2(aarch64|s390x|x86_64)0:2.2.7-150000.3.59.1(aarch64|x86_64)0:550.90.07-150400.9.33.1(aarch64|x86_64)0:550.90.07_k5.14.21_150400.24.119-150400.9.62.1(x86_64)0:5.14.21-150400.15.82.1(noarch)0:5.14.21-150400.15.82.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.44.1(aarch64|s390x|x86_64)0:5.62-150400.4.19.1(aarch64|s390x|x86_64)0:2.42.12-150400.5.9.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.57.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.69.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.27.1(aarch64|s390x|x86_64)0:1.7.17-150000.111.3(aarch64|s390x|x86_64)0:3.5.1-150400.3.15.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.122.2(aarch64|x86_64)0:5.14.21-150400.24.122.2.150400.24.58.2(aarch64|s390x|x86_64)0:4.9.5-150400.4.30.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.32.1(aarch64|s390x|x86_64)0:1.6-150000.3.3.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.12.1(aarch64|s390x|x86_64)0:2.13-150400.3.3.1(x86_64)0:5.14.21-150400.15.85.1(noarch)0:5.14.21-150400.15.85.1(aarch64|s390x|x86_64)0:6.7.0-150000.3.6.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.65.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.65.2(aarch64|s390x|x86_64)0:251.3-150400.6.7.1(noarch)0:251.3-150400.6.7.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.125.1(aarch64|x86_64)0:5.14.21-150400.24.125.1.150400.24.60.1(noarch)0:1.15.0-150000.3.5.1(noarch)0:4.8.1-150400.3.9.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.9.1(aarch64|s390x|x86_64)0:2.24.33-150400.4.3.1(noarch)0:3.24.34-150400.3.9.1(aarch64|s390x|x86_64)0:3.24.34-150400.3.9.1(noarch)0:1.25.10-150300.4.12.1(aarch64|s390x|x86_64)0:0.4.28-150000.3.6.1(x86_64)0:4.16.5_12-150400.4.46.1(aarch64|s390x|x86_64)0:3.101.2-150400.3.48.1(noarch)0:4.8.1-150400.3.12.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.12.1(noarch)0:2.68-150200.33.1(x86_64)0:5.14.21-150400.15.88.1(noarch)0:5.14.21-150400.15.88.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.72.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.128.1(aarch64|x86_64)0:5.14.21-150400.24.128.1.150400.24.62.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.60.1(aarch64|s390x|x86_64)0:1.1.11-150000.58.1(noarch)0:20220509-150400.4.28.1(aarch64|s390x|x86_64)0:2.2.2-150400.3.10.1(aarch64|s390x|x86_64)0:2.13-150400.3.6.1(noarch)0:44.1.1-150400.9.9.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.47.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.14.1(x86_64)0:20240813-150200.44.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.63.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.47.1(aarch64|s390x|x86_64)0:25.0.6_ce-150000.207.1(aarch64|s390x|x86_64)0:249.17-150400.8.43.1(aarch64|s390x|x86_64)0:1.10.1-150400.3.3.2(aarch64|s390x|x86_64)0:8.0.1-150400.5.50.1(aarch64|s390x|x86_64)0:2.4.4-150400.3.22.1(aarch64|s390x|x86_64)0:1.7.21-150000.117.1(aarch64|s390x|x86_64)0:1.1.14-150000.70.1(x86_64)0:5.14.21-150400.15.91.3(noarch)0:5.14.21-150400.15.91.3(noarch)0:1.15.0-150000.3.10.2(x86_64)0:20240910-150200.47.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.34.1(x86_64)0:6.2.0-150400.37.34.1(aarch64)0:6.2.0-150400.37.34.1(noarch)0:1.0.0+-150400.37.34.1(s390x)0:6.2.0-150400.37.34.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.34.1(noarch)0:8-150400.37.34.1(x86_64)0:5.14.21-150400.15.94.1(noarch)0:5.14.21-150400.15.94.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.133.2(aarch64|x86_64)0:5.14.21-150400.24.133.2.150400.24.64.5(x86_64)0:4.16.6_04-150400.4.62.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.12.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.72.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.66.1(aarch64|s390x|x86_64)0:21.2.4-150400.68.15.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.136.1(aarch64|x86_64)0:5.14.21-150400.24.136.1.150400.24.66.1(x86_64)0:5.14.21-150400.15.97.1(noarch)0:5.14.21-150400.15.97.1(aarch64|s390x|x86_64)0:25.1-150400.9.10.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.69.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.75.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.75.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.56.1(aarch64|s390x|x86_64)0:2.4.4-150400.3.25.1(x86_64)0:20241112-150200.50.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.17.1(x86_64)0:5.14.21-150400.15.100.1(noarch)0:5.14.21-150400.15.100.1(x86_64)0:4.16.6_06-150400.4.65.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.141.1(aarch64|x86_64)0:5.14.21-150400.24.141.1.150400.24.68.2(aarch64|s390x|x86_64)0:3.6.15-150300.10.78.1(aarch64|s390x|x86_64)0:1.8.0.0-150400.14.6.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.37.3(x86_64)0:6.2.0-150400.37.37.3(aarch64)0:6.2.0-150400.37.37.3(noarch)0:1.0.0+-150400.37.37.3(s390x)0:6.2.0-150400.37.37.3(noarch)0:1.15.0_0_g2dd4b9b-150400.37.37.3(noarch)0:8-150400.37.37.3(x86_64)0:5.14.21-150400.15.103.1(noarch)0:5.14.21-150400.15.103.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.144.1(aarch64|x86_64)0:5.14.21-150400.24.144.1.150400.24.70.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.3.1(noarch)0:16.57.26-150400.3.4.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.59.1(aarch64|s390x|x86_64)0:26.1.5_ce-150000.212.1(aarch64|s390x|x86_64)0:0.8-150400.7.20.1(noarch)0:12.0-150000.8.40.1(aarch64|s390x|x86_64)0:13.2.1+git7813-150000.1.6.1(aarch64|s390x|x86_64)0:1.1.12-150000.61.2(x86_64)0:5.14.21-150400.15.68.1(aarch64|s390x|x86_64)0:3006.0-150400.8.54.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.108.1(aarch64|x86_64)0:5.14.21-150400.24.108.1.150400.24.50.2(aarch64|s390x|x86_64)0:3.0.8-150400.4.49.1(aarch64|s390x|x86_64)0:1.11.0-150000.4.25.1(aarch64|s390x|x86_64)0:20230802.1-150400.10.4.1(aarch64|s390x|x86_64)0:25.1-150400.9.3.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.54.1(aarch64|s390x|x86_64)0:24.0.7_ce-150000.193.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.38.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.30.1(aarch64|s390x|x86_64)0:3.90.2-150400.3.39.1(aarch64|s390x|x86_64)0:1.11.0-150000.4.22.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.28.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.41.3(aarch64|s390x|x86_64)0:1.34-150000.3.34.1(aarch64|x86_64)0:550.54.14-150400.9.21.1(aarch64|x86_64)0:550.54.14_k5.14.21_150400.24.108-150400.9.50.1(aarch64|s390x|x86_64)0:2.9-150000.4.39.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.63.1(aarch64|s390x|x86_64)0:2.31-150300.68.1(noarch)0:9.1.0111-150000.5.60.1(aarch64|s390x|x86_64)0:9.1.0111-150000.5.60.1(aarch64|s390x|x86_64)0:1.9.9-150400.4.36.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.111.2(aarch64|x86_64)0:5.14.21-150400.24.111.2.150400.24.52.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.57.1(x86_64)0:4.16.5_14-150400.4.49.1(noarch)0:4.8.1-150400.3.6.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.6.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.41.1(x86_64)0:5.14.21-150400.15.71.1(noarch)0:5.14.21-150400.15.71.1(noarch)0:2.10.1-150000.3.21.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.158.1(aarch64|x86_64)0:5.14.21-150400.24.158.1.150400.24.78.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.44.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.84.1(aarch64|s390x|x86_64)0:27.5.1_ce-150000.218.1(aarch64|s390x|x86_64)0:1.1.34-150400.3.6.1(x86_64)0:5.14.21-150400.15.115.1(noarch)0:5.14.21-150400.15.115.1(aarch64|s390x|x86_64)0:3.0.4-150400.5.12.2(aarch64|s390x|x86_64)0:5.14.21-150400.24.161.1(aarch64|x86_64)0:5.14.21-150400.24.161.1.150400.24.80.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.28.1(aarch64|s390x|x86_64)0:1.3.0-150000.6.76.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.22.1(aarch64|s390x|x86_64)0:1.7.27-150000.123.1(aarch64|s390x|x86_64)0:60.9.0-150200.6.3.1(aarch64|s390x|x86_64)0:6.15-150400.3.12.1(aarch64|s390x|x86_64)0:1.12.0-150400.3.8.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.41.1(aarch64|s390x|x86_64)0:3.49.1-150000.3.27.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.6.1(aarch64|s390x|x86_64)0:3.0.4-150400.5.18.1(x86_64)0:5.14.21-150400.15.118.1(noarch)0:5.14.21-150400.15.118.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.49.1(noarch)0:6.4-150400.4.8.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.20.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.164.1(aarch64|x86_64)0:5.14.21-150400.24.164.1.150400.24.82.1(s390x)0:2.31.0-150400.7.31.1(noarch)0:2.31.0-150400.7.31.1(aarch64|s390x|x86_64)0:3.2.3-150400.3.17.1(x86_64)0:20250512-150200.56.1(x86_64)0:12.5.2-150300.58.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.10.1(aarch64|s390x|x86_64)0:20211215-150400.3.19.1(aarch64|s390x|x86_64)0:2.31-150300.95.1(noarch)0:44.1.1-150400.9.12.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.9.1(aarch64|s390x|x86_64)0:12.0.2-150000.3.37.1(x86_64)0:5.14.21-150400.15.121.1(noarch)0:5.14.21-150400.15.121.1(noarch)0:2.25.1-150300.3.15.1(aarch64|s390x|x86_64)0:1.2.0-150400.4.5.1(aarch64|s390x|x86_64)0:1.3.0-150000.6.83.1(aarch64|s390x|x86_64)0:4.6.2-150000.5.8.1(aarch64|s390x|x86_64)0:5.26.1-150300.17.20.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.147.1(aarch64|x86_64)0:5.14.21-150400.24.147.1.150400.24.72.1(aarch64|s390x|x86_64)0:0.6.10-150100.3.11.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.11.1(aarch64|s390x|x86_64)0:2.26-150400.3.5.1(aarch64|s390x|x86_64)0:65.1-150200.4.15.1(noarch)0:65.1-150200.4.15.1(aarch64|s390x|x86_64)0:1.1-150200.3.14.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.47.2(aarch64|s390x|x86_64)0:1.9.9-150400.4.39.1(aarch64|s390x|x86_64)0:1.2.6-150000.73.2(noarch)0:9.1.1406-150000.5.75.1(aarch64|s390x|x86_64)0:9.1.1406-150000.5.75.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.167.1(aarch64|x86_64)0:5.14.21-150400.24.167.1.150400.24.84.1(aarch64|s390x|x86_64)0:0.9.8-150400.3.9.1(aarch64|s390x|x86_64)0:28.2.2_ce-150000.227.1(aarch64|s390x|x86_64)0:25.1-150400.9.16.1(x86_64)0:5.14.21-150400.15.106.1(noarch)0:5.14.21-150400.15.106.1(x86_64)0:5.14.21-150400.15.124.1(noarch)0:5.14.21-150400.15.124.1(x86_64)0:4.16.7_02-150400.4.72.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.44.1(aarch64|s390x|x86_64)0:8.32-150400.9.9.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.23.1(aarch64|s390x|x86_64)0:1.6-150000.3.6.1(aarch64|s390x|x86_64)0:20211215-150400.3.22.1(aarch64|s390x|x86_64)0:1.9.4-150400.6.11.1(aarch64|s390x|x86_64)0:1.20.1-150400.3.14.1(aarch64|s390x|x86_64)0:3006.0-150400.8.80.1(aarch64|s390x|x86_64)0:0.116-150200.3.15.1(noarch)0:1.66.0-150200.12.7.1(aarch64|s390x|x86_64)0:1.66.0-150200.12.7.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.170.2(aarch64|x86_64)0:5.14.21-150400.24.170.2.150400.24.86.2(aarch64|s390x|x86_64)0:3.7.3-150400.4.50.1(aarch64|x86_64)0:565.57.01-150400.89.1(aarch64|x86_64)0:565.57.01_k5.14.21_150400.24.170-150400.89.1(aarch64|x86_64)0:550.144.03_k5.14.21_150400.24.170-150400.89.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.47.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.35.1(aarch64|s390x|x86_64)0:3.50.2-150000.3.33.1(aarch64|s390x|x86_64)0:249.17-150400.8.49.2(aarch64|s390x|x86_64)0:1.16.0-150400.11.6.1(aarch64|s390x|x86_64)0:3.5.1-150400.3.21.1(aarch64|s390x|x86_64)0:2.06-150400.11.63.1(noarch)0:2.06-150400.11.63.1(s390x)0:2.06-150400.11.63.1(aarch64|s390x|x86_64)0:1.19.0.4-150000.4.7.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.97.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.97.2(aarch64|s390x|x86_64)0:4.9.5-150400.4.50.1(aarch64|s390x|x86_64)0:0.2.7+141-150400.3.5.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.50.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.173.1(aarch64|x86_64)0:5.14.21-150400.24.173.1.150400.24.88.1(x86_64)0:5.14.21-150400.15.127.1(noarch)0:5.14.21-150400.15.127.1(noarch)0:2.10.1-150000.3.18.1(aarch64|s390x|x86_64)0:28.3.3_ce-150000.230.1(aarch64|s390x|x86_64)0:1.6-150000.3.9.1(aarch64|s390x|x86_64)0:0.2.8+12-150400.3.8.1(aarch64|s390x|x86_64)0:2.42.12-150400.5.14.1(aarch64|s390x|x86_64)0:1.3.0-150000.6.86.1(noarch)0:1.25.10-150300.4.18.1(aarch64|s390x|x86_64)0:2.9.2-150400.3.11.1(noarch)0:0.18.2-150300.3.6.1(x86_64)0:20250812-150200.59.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.12.1(noarch)0:3.0.0-150000.3.28.1(noarch)0:5.0.0-150000.3.38.1(noarch)0:5.0.0-150000.4.18.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.5.1(noarch)0:9.1.1629-150000.5.78.1(aarch64|s390x|x86_64)0:9.1.1629-150000.5.78.1(aarch64|s390x|x86_64)0:2.0+git20170221.479bb4a-150000.5.13.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.72.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.69.1(aarch64|s390x|x86_64)0:1.0.7-150200.3.5.1(aarch64|s390x|x86_64)0:5.62-150400.4.22.1(aarch64|s390x|x86_64)0:1.16.0-150400.11.9.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.176.1(aarch64|x86_64)0:5.14.21-150400.24.176.1.150400.24.90.1(aarch64|s390x|x86_64)0:0.8-150400.7.23.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.55.1(x86_64)0:5.14.21-150400.15.130.1(noarch)0:5.14.21-150400.15.130.1(aarch64|s390x|x86_64)0:3.2.3-150400.3.20.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.35.1(aarch64|x86_64)0:580.82.07-150400.98.1(aarch64|x86_64)0:580.82.07_k5.14.21_150400.24.173-150400.98.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.15.1(x86_64)0:13.0.0-150300.64.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.84.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.75.1(aarch64|s390x|x86_64)0:0.4.28-150000.3.9.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.78.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.53.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.25.1(aarch64|s390x|x86_64)0:4.15.13+git.736.b791be993ba-150400.3.40.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.31.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.179.1(aarch64|x86_64)0:5.14.21-150400.24.179.1.150400.24.92.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.62.1(x86_64)0:5.14.21-150400.15.133.1(noarch)0:5.14.21-150400.15.133.1(aarch64|s390x|x86_64)0:3.9.2-150200.4.27.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.18.1(aarch64|x86_64)0:5.9.0.git21.a73f509-150400.3.3.1(noarch)0:5.9.0.git21.a73f509-150400.3.3.1(aarch64|s390x|x86_64)0:0.9.8-150400.3.12.1(aarch64|s390x|x86_64)0:4.1-150400.21.8.1(noarch)0:4.1-150400.21.8.1(aarch64|s390x|x86_64)0:3.112.2-150400.3.60.1(x86_64)0:4.16.7_04-150400.4.75.1(aarch64|s390x|x86_64)0:1.1.34-150400.3.13.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.72.1(aarch64|s390x|x86_64)0:1.4.5-150400.4.9.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.60.1(aarch64|s390x|x86_64)0:1.2.7-150000.80.1(aarch64|s390x|x86_64)0:2.2.27-150300.3.13.1(aarch64|s390x|x86_64)0:1.3.3-150000.85.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.59.2(aarch64|s390x|x86_64)0:0.185-150400.5.8.3(aarch64|s390x|x86_64)0:5.14.21-150400.24.184.1(aarch64|x86_64)0:5.14.21-150400.24.184.1.150400.24.94.2(aarch64|s390x|x86_64)0:8.4p1-150300.3.57.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.50.1(x86_64)0:5.14.21-150400.15.136.1(noarch)0:5.14.21-150400.15.136.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.62.1(aarch64|s390x|x86_64)0:2.5.2-150400.4.40.1(aarch64|s390x|x86_64)0:2.06-150400.11.66.1(noarch)0:2.06-150400.11.66.1(s390x)0:2.06-150400.11.66.1(aarch64|s390x|x86_64)0:1.7.29-150000.128.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.77.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.72.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.80.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.40.1(x86_64)0:6.2.0-150400.37.40.1(aarch64)0:6.2.0-150400.37.40.1(noarch)0:1.0.0+-150400.37.40.1(s390x)0:6.2.0-150400.37.40.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.40.1(noarch)0:8-150400.37.40.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.26.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.100.1(aarch64|s390x|x86_64)0:2.52.12-150400.3.9.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.83.1(aarch64|s390x|x86_64)0:1.6.34-150000.3.12.1(aarch64|s390x|x86_64)0:3006.0-150400.8.91.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.29.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.53.1(noarch)0:202202-150400.5.15.1(aarch64|s390x|x86_64)0:4.13-150000.4.11.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.81.1(x86_64)0:5.14.21-150400.15.109.1(noarch)0:5.14.21-150400.15.109.1(aarch64|s390x|x86_64)0:2.31-150300.92.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.150.1(aarch64|x86_64)0:5.14.21-150400.24.150.1.150400.24.74.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.38.1(aarch64|s390x|x86_64)0:2.06-150400.11.55.2(noarch)0:2.06-150400.11.55.2(s390x)0:2.06-150400.11.55.2(x86_64)0:20250211-150200.53.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.42.1(aarch64|s390x|x86_64)0:1.20.1-150400.3.11.1(noarch)0:202202-150400.5.18.1(aarch64|s390x|x86_64)0:2.90-150400.16.3.1(aarch64|s390x|x86_64)0:0.6.10-150100.3.6.1(noarch)0:9.1.1101-150000.5.69.1(aarch64|s390x|x86_64)0:9.1.1101-150000.5.69.1(aarch64|s390x|x86_64)0:3.3.17-150000.7.42.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.38.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.36.1(noarch)0:1.6.5-150000.3.36.1(aarch64)0:2021.10-150400.4.14.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.47.1(aarch64|s390x|x86_64)0:27.5.1_ce-150000.215.3(aarch64|s390x|x86_64)0:4.9.5-150400.4.41.1(aarch64|s390x|x86_64)0:0.44.0-150400.13.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.153.1(aarch64|x86_64)0:5.14.21-150400.24.153.1.150400.24.76.1(x86_64)0:5.14.21-150400.15.112.1(noarch)0:5.14.21-150400.15.112.1(aarch64|s390x|x86_64)0:3.5.1-150400.3.18.1(aarch64|s390x|x86_64)0:2.10.4-150000.4.18.1(aarch64|s390x|x86_64)0:3006.0-150400.8.94.2(aarch64|s390x|x86_64)0:249.17-150400.8.55.1(aarch64|s390x|x86_64)0:3.51.3-150000.3.39.1(noarch)0:1.25.10-150300.4.24.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.109.1(noarch)0:9.2.0110-150000.5.86.1(aarch64|s390x|x86_64)0:9.2.0110-150000.5.86.1(aarch64|s390x|x86_64)0:1.7.29-150000.130.1(x86_64)0:5.14.21-150400.15.145.1(noarch)0:5.14.21-150400.15.145.1(noarch)0:0.4.2-150000.3.16.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.37.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.19.1(aarch64|s390x|x86_64)0:1.34-150000.3.37.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.34.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.14.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.81.1(aarch64|s390x|x86_64)0:1.40.0-150200.22.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.65.2(aarch64|s390x|x86_64)0:1.1.1l-150400.7.90.1(noarch)0:202202-150400.5.21.1(aarch64|s390x|x86_64)0:2.2.27-150300.3.16.1(noarch)0:20220509-150400.4.31.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.13.1(aarch64|s390x|x86_64)0:1.0.18-150000.4.11.1(aarch64|s390x|x86_64)0:4.13-150000.4.14.1(aarch64|s390x|x86_64)0:5.9.4-150300.15.21.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.19.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.103.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.187.3(aarch64|x86_64)0:5.14.21-150400.24.187.3.150400.24.96.3(aarch64|s390x|x86_64)0:3.0.8-150400.4.78.1(x86_64)0:5.14.21-150400.15.139.2(noarch)0:5.14.21-150400.15.139.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.87.1(aarch64|s390x|x86_64)0:1.0.18-150000.4.14.1(aarch64|s390x|x86_64)0:8.0.0-150400.7.14.1(aarch64|x86_64)0:8.0.0-150400.7.14.1(x86_64)0:4.16.7_06-150400.4.78.1(aarch64|s390x|x86_64)0:3.2.3-150400.3.26.1(x86_64)0:5.14.21-150400.15.142.1(noarch)0:5.14.21-150400.15.142.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.46.1(x86_64)0:6.2.0-150400.37.46.1(aarch64)0:6.2.0-150400.37.46.1(noarch)0:1.0.0+-150400.37.46.1(s390x)0:6.2.0-150400.37.46.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.46.1(noarch)0:8-150400.37.46.1(noarch)0:0.4.2-150000.3.13.1(aarch64|s390x|x86_64)0:3.51.2-150000.3.36.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.49.1(x86_64)0:6.2.0-150400.37.49.1(aarch64)0:6.2.0-150400.37.49.1(noarch)0:1.0.0+-150400.37.49.1(s390x)0:6.2.0-150400.37.49.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.49.1(noarch)0:8-150400.37.49.1(aarch64|s390x|x86_64)0:60.9.0-150200.6.8.1(noarch)0:1.25.10-150300.4.21.1(aarch64|s390x|x86_64)0:0.2.8+116-150400.3.11.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.34.1(aarch64|x86_64)0:580.126.09-150400.107.1(aarch64|x86_64)0:580.126.09_k5.14.21_150400.24.187-150400.107.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.26.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.77.1(aarch64|s390x|x86_64)0:2.37.2-150400.8.38.1(aarch64|s390x|x86_64)0:25.1-150400.9.19.1(aarch64|s390x|x86_64)0:1.10.1-150400.3.9.1(aarch64|s390x|x86_64)0:0.8-150400.7.26.1(aarch64|s390x|x86_64)0:1.6.34-150000.3.19.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.55.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.194.1(aarch64|x86_64)0:5.14.21-150400.24.194.1.150400.24.98.3(aarch64|s390x|x86_64)0:3.9.2-150200.4.30.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.106.1(aarch64|s390x|x86_64)0:28.5.1_ce-150000.241.2(aarch64|s390x|x86_64)0:0.29.0-150000.241.2(x86_64)0:20260210-150200.62.1(aarch64|s390x|x86_64)0:2.2.27-150300.3.19.1(aarch64|x86_64)0:16.1-150300.4.31.3(aarch64|s390x|x86_64)0:1.1.34-150400.3.16.1(aarch64|s390x|x86_64)0:3.112.3-150400.3.63.1(s390x)0:3.17.0-150400.4.11.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.34.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.31.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.16.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.56.1(aarch64|s390x|x86_64)0:2.31-150300.98.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.80.1(aarch64|s390x|x86_64)0:1.6-150000.3.12.1(aarch64|s390x|x86_64)0:1.3.4-150000.90.1(aarch64|s390x|x86_64)0:28.5.1_ce-150000.243.1(aarch64|s390x|x86_64)0:0.29.0-150000.243.1(aarch64|s390x|x86_64)0:2.37.2-150400.8.41.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.197.1(aarch64|x86_64)0:5.14.21-150400.24.197.1.150400.24.100.1