Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
100
security advisorysecurity issueimportantSUSE: 2024:3151-1 Important: Buildah Security Fixes for Containers
* bsc#1221243 * bsc#1221677 * bsc#1224117 Cross-References: . # Security update for buildah Announcement ID: SUSE-SU-2024:3151-1 Rating: important References: * bsc#1221243 * bsc#1221677 * bsc#1224117 Cross-References: * CVE-2024-1753 * CVE-2024-24786 * CVE-2024-28180 * CVE-2024-3727 CVSS scores: * CVE-2024-1753 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: * Containers Module 15-SP5 * Containers Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities can now be installed. ## Description: This update for buildah fixes the following issues: Update to version 1.35.4: * Bump to Buildah v1.35.4 * CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in "bud and test --unsetlabel" * Bump go-jose CVE-2024-28180 * Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: * correctly configure /etc/hosts and resolv.conf * buildah: refactor resolv/hosts setup. * CVE-2024-24786 protobuf to 1.33 Update to version 1.35.1: * CVE-2024-1753 container escape fix (bsc#1221677) * Buildah dropped cni support, require netavark instead (bsc#1221243) * Remove obsolete requires libcontainers-image & libcontainers-storage * Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) Update to version 1.35.0: * Bump c/commonv0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert "Reduce official image size" * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base "image" platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * imagebuildah: fix crash with empty RUN * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specifyno-dereference * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * Replace map[K]bool with map[K]struct{} where it makes sense * Replace strings.SplitN with strings.Cut * Document use of containers-transports values in buildah * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * Ignore errors if label.Relabel returns ENOSUP ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3151=1 openSUSE-SLE-15.5-2024-3151=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3151=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3151=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3151=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * buildah-1.35.4-150500.3.10.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * buildah-1.35.4-150500.3.10.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * buildah-1.35.4-150500.3.10.1 * Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64) * buildah-1.35.4-150500.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2024-1753.html * https://www.suse.com/security/cve/CVE-2024-24786.html * https://www.suse.com/security/cve/CVE-2024-28180.html * https://www.suse.com/security/cve/CVE-2024-3727.html *https://bugzilla.suse.com/show_bug.cgi?id=1221243 * https://bugzilla.suse.com/show_bug.cgi?id=1221677 * https://bugzilla.suse.com/show_bug.cgi?id=1224117 . Key security enhancement for buildah tackles various problems with significant resolutions on SUSE platforms.. buildah update, SUSE security advisory, important patch, container vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Sep 06, 2024
•Important
SuSE
100
security advisorysystem updateimportant patchopenSUSE: 2023:4693-1 important: kubevirt containers security patch
Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 . # Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container Announcement ID: SUSE-SU-2023:4693-1 Rating: important References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: Kubevirt is rebuilt against updated dependencies to fix security issues. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4693=1 openSUSE-SLE-15.4-2023-4693=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4693=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4693=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4693=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4693=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in-t patch SUSE-SLE-Micro-5.4-2023-4693=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4693=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4693=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-container-disk-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-handler-0.54.0-150400.3.26.1 * obs-service-kubevirt_containers_meta-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * kubevirt-tests-0.54.0-150400.3.26.1 * kubevirt-virt-controller-debuginfo-0.54.0-150400.3.26.1 * kubevirt-container-disk-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-tests-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-api-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-controller-0.54.0-150400.3.26.1 * kubevirt-virt-handler-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-launcher-0.54.0-150400.3.26.1 * kubevirt-virt-api-0.54.0-150400.3.26.1 * kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-operator-0.54.0-150400.3.26.1 * kubevirt-virt-operator-debuginfo-0.54.0-150400.3.26.1 * openSUSE Leap Micro 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * openSUSE Leap Micro 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4(x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * Containers Module 15-SP4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 . Crucial announcement regarding kubevirt and its linked containers on openSUSE and SUSE Linux Enterprise to uphold system stability.. Kubevirt Security Update,SUSE Containers Patch,SUSE Linux Enterprise Fix. . Severity: Important. LinuxSecurity.com Team
Dec 07, 2023
•Important
SuSE
217
security advisorysecurity issuekernel updateOracle Linux 7 ELSA-2023-12590: Critical Kernel Container Fix
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-12590 https://linux.oracle.com/errata/ELSA-2023-12590.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-container-5.4.17-2136.321.4.el7.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.321.4.el7.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-container-5.4.17-2136.321.4.el7.src.rpm Related CVEs: CVE-2022-34918 CVE-2022-39189 Description of changes: [5.4.17-2136.321.4.el7] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3.el7] - selinux: don't use make's grouped targets feature yet (Paul Moore) - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() (Ben Hutchings) - Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE" (Greg Kroah-Hartman) - iommu/amd: Fix compile error for unused function (Joerg Roedel) [Orabug: 35070061] - iommu/amd: Do not Invalidate IRT when IRTE caching is disabled (Suravee Suthikulpanit) [Orabug: 35070061] - iommu/amd: Introduce Disable IRTE Caching Support (Suravee Suthikulpanit) [Orabug: 35070061] - iommu/amd: Remove the unused struct amd_ir_data.ref (Suravee Suthikulpanit) [Orabug: 35070061] - iommu/amd: Switch amd_iommu_update_ga() to use modify_irte_ga() (Joao Martins) [Orabug: 35070061] - iommu/amd: Handle GALog overflows (Joao Martins) [Orabug: 35070061] - iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE (Kishon Vijay Abraham I) [Orabug: 35070061] - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (Adamos Ttofari) [Orabug: 35070061] - xfs: fix AGFL allocation deadlock (Wengang Wang) [Orabug: 35159734] - crypto: api - Demote BUG_ON() in crypto_unregister_alg() to aWARN_ON() (Toke H?iland-J?rgensen) [Orabug: 35152388] - crypto: qat - drop log level of msg in get_instance_node() (Giovanni Cabiddu) [Orabug: 35152388] - crypto: algapi - make unregistration functions return void (Eric Biggers) [Orabug: 35152388] - bnxt_en: Clear DEFRAG flag in firmware message when retry flashing. (Pavan Chebbi) [Orabug: 35365203] - bnxt_en: Enable batch mode when using HWRM_NVM_MODIFY to flash packages. (Michael Chan) [Orabug: 35365203] - bnxt_en: Retry installing FW package under NO_SPACE error condition. (Pavan Chebbi) [Orabug: 35365203] - bnxt_en: Restructure bnxt_flash_package_from_fw_obj() to execute in a loop. (Pavan Chebbi) [Orabug: 35365203] - bnxt_en: Rearrange the logic in bnxt_flash_package_from_fw_obj(). (Michael Chan) [Orabug: 35365203] - bnxt_en: Refactor bnxt_flash_nvram. (Pavan Chebbi) [Orabug: 35365203] [5.4.17-2136.321.2.el7] - LTS tag: v5.4.245 (Sherry Yang) - netfilter: ctnetlink: Support offloaded conntrack entry deletion (Paul Blakey) - ipv{4,6}/raw: fix output xfrm lookup wrt protocol (Nicolas Dichtel) - binder: fix UAF caused by faulty buffer cleanup (Carlos Llamas) - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (Ruihan Li) - cdc_ncm: Fix the build warning (Alexander Bersenev) - net/mlx5: Devcom, serialize devcom registration (Shay Drory) - net/mlx5: devcom only supports 2 ports (Mark Bloch) - fs: fix undefined behavior in bit shift for SB_NOUSER (Hao Ge) - power: supply: bq24190: Call power_supply_changed() after updating input current (Hans de Goede) - power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier() (Hans de Goede) - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (Hans de Goede) - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (Tudor Ambarus) - cdc_ncm: Implement the 32-bit version of NCM Transfer Block (Alexander Bersenev) - LTS tag: v5.4.244 (Sherry Yang) - 3c589_cs: Fix an error handling path in tc589_probe() (Christophe JAILLET) - net/mlx5: Devcom,fix error flow in mlx5_devcom_register_device (Shay Drory) - net/mlx5: Fix error message when failing to allocate device memory (Roi Dayan) - forcedeth: Fix an error handling path in nv_probe() (Christophe JAILLET) - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (Cezary Rojewski) - x86/show_trace_log_lvl: Ensure stack pointer is aligned, again (Vernon Lovejoy) - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (Dan Carpenter) - coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet() (Dan Carpenter) - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (Daisuke Nojiri) - power: supply: bq27xxx: Fix poll_interval handling and races on remove (Hans de Goede) - power: supply: bq27xxx: Fix I2C IRQ race on remove (Hans de Goede) - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (Hans de Goede) - power: supply: leds: Fix blink to LED on transition (Hans de Goede) - ipv6: Fix out-of-bounds access in ipv6_find_tlv() (Gavrilov Ilia) - bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields (Will Deacon) - net: fix skb leak in __skb_tstamp_tx() (Pratyush Yadav) - media: radio-shark: Add endpoint checks (Alan Stern) - USB: sisusbvga: Add endpoint checks (Alan Stern) - USB: core: Add routines for endpoint checks in old drivers (Alan Stern) - udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). (Kuniyuki Iwashima) - net: fix stack overflow when LRO is disabled for virtual interfaces (Taehee Yoo) - fbdev: udlfb: Fix endpoint check (Alan Stern) - debugobjects: Don't wake up kswapd from fill_pool() (Tetsuo Handa) - x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms (Zhang Rui) - parisc: Fix flush_dcache_page() for usage from irq context (Helge Deller) - selftests/memfd: Fix unknown type name build failure (Hardik Garg) - x86/mm: Avoid incomplete Global INVLPG flushes (Dave Hansen) - btrfs: use nofs when cleaning up aborted transactions (Josef Bacik) - gpio: mockup: Fix mode of debugfs files (Zev Weiss) - parisc:Allow to reboot machine after system halt (Helge Deller) - parisc: Handle kgdb breakpoints only in kernel context (Helge Deller) - m68k: Move signal frame following exception on 68020/030 (Finn Thain) - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (Bin Li) - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (Adam Stylinski) - mt76: mt7615: Fix build with older compilers (Pablo Greco) - spi: fsl-cpm: Use 16 bit mode for large transfers with even size (Christophe Leroy) - spi: fsl-spi: Re-organise transfer bits_per_word adaptation (Christophe Leroy) - watchdog: sp5100_tco: Immediately trigger upon starting. (Gregory Oakes) - s390/qdio: fix do_sqbs() inline assembly constraint (Heiko Carstens) - s390/qdio: get rid of register asm (Heiko Carstens) - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy) - vc_screen: rewrite vcs_size to accept vc, not inode (Jiri Slaby) - usb: gadget: u_ether: Fix host MAC address case (Konrad Grafe) - usb: gadget: u_ether: Convert prints to device prints (Jon Hunter) - lib/string_helpers: Introduce string_upper() and string_lower() helpers (Vadim Pasternak) - HID: wacom: add three styli to wacom_intuos_get_tool_type (Ping Cheng) - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (Ping Cheng) - HID: wacom: Force pen out of prox if no events have been received in a while (Jason Gerecke) - netfilter: nf_tables: hold mutex on netns pre_exit path (Pablo Neira Ayuso) - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (Pablo Neira Ayuso) - netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) - netfilter: nf_tables: allow up to 64 bytes in the set element data area (Pablo Neira Ayuso) - netfilter: nf_tables: add nft_setelem_parse_key() (Pablo Neira Ayuso) - netfilter: nf_tables: validate registers coming from userspace. (Pablo Neira Ayuso) - netfilter: nftables: statify nft_parse_register() (Pablo Neira Ayuso) - netfilter: nftables: add nft_parse_register_store() and use it (PabloNeira Ayuso) - netfilter: nftables: add nft_parse_register_load() and use it (Pablo Neira Ayuso) - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (Ryusuke Konishi) - powerpc/64s/radix: Fix soft dirty tracking (Michael Ellerman) - tpm/tpm_tis: Disable interrupts for more Lenovo devices (Jerry Snitselaar) - ceph: force updating the msg pointer in non-split case (Xiubo Li) - serial: Add support for Advantech PCI-1611U card (Vitaliy Tomin) - statfs: enforce statfs[64] structure initialization (Ilya Leoshkevich) - KVM: x86: do not report a vCPU as preempted outside instruction boundaries (Paolo Bonzini) - can: kvaser_pciefd: Disable interrupts in probe error path (Jimmy Assarsson) - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (Jimmy Assarsson) - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (Jimmy Assarsson) - can: kvaser_pciefd: Empty SRB buffer in probe (Jimmy Assarsson) - can: kvaser_pciefd: Call request_irq() before enabling interrupts (Jimmy Assarsson) - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (Jimmy Assarsson) - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (Oliver Hartkopp) - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (Luke D. Jones) - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (Ai Chao) - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (Nikhil Mahale) - ALSA: hda: Fix Oops by 9.1 surround channel names (Takashi Iwai) - usb: typec: altmodes/displayport: fix pin_assignment_show (Badhri Jagan Sridharan) - usb: dwc3: debugfs: Resume dwc3 before accessing registers (Udipto Goswami) - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (Weitao Wang) - usb-storage: fix deadlock when a scsi command timeouts more than once (Maxime Bizon) - USB: usbtmc: Fix direction for 0-length ioctl control messages (Alan Stern) - vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() (Eric Dumazet) - igb: fix bit_shift to be in [1..8] range (Aleksandr Loktionov) - cassini: Fix a memoryleak in the error handling path of cas_init_one() (Christophe JAILLET) - wifi: iwlwifi: mvm: don't trust firmware n_channels (Johannes Berg) - net: bcmgenet: Restore phy_stop() depending upon suspend/close (Florian Fainelli) - net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop() (Florian Fainelli) - net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Dong Chenchen) - drm/exynos: fix g2d_open/close helper function definitions (Arnd Bergmann) - media: netup_unidvb: fix use-after-free at del_timer() (Duoming Zhou) - net: hns3: fix reset delay time to avoid configuration timeout (Jie Wang) - net: hns3: fix sending pfc frames after reset issue (Jijie Shao) - erspan: get the proto with the md version for collect_md (Xin Long) - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) - ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - ip6_gre: Fix skb_under_panic in __gre6_xmit() (Peilin Ye) - serial: arc_uart: fix of_iomap leak in arc_serial_probe (Ke Zhang) - vsock: avoid to close connected socket after the timeout (Zhuang Shengen) - ALSA: firewire-digi00x: prevent potential use after free (Dan Carpenter) - net: fec: Better handle pm_runtime_get() failing in .remove() (Uwe Kleine-Konig) - af_key: Reject optional tunnel/BEET mode templates in outbound policies (Tobias Brunner) - cpupower: Make TSC read per CPU for Mperf monitor (Wyes Karny) - ASoC: fsl_micfil: register platform component before registering cpu dai (Shengjiu Wang) - btrfs: fix space cache inconsistency after error loading it from disk (Filipe Manana) - btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid (Nikolay Borisov) - mfd: dln2: Fix memory leak in dln2_probe() (Qiang Ning) - phy: st: miphy28lp: use _poll_timeout functions for waits (Alain Volmat) - Input: xpad - add constants for GIP interface numbers (Vicki Pfau) - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (Tomas Krcka) - clk: tegra20: fix gcc-7 constant overflow warning (Arnd Bergmann) -RDMA/core: Fix multiple -Warray-bounds warnings (Gustavo A. R. Silva) - recordmcount: Fix memory leaks in the uwrite function (Hao Zeng) - sched: Fix KCSAN noinstr violation (Josh Poimboeuf) - mcb-pci: Reallocate memory region to avoid memory overlapping (Rodriguez Barbarin, Jose Javier) - serial: 8250: Reinit port-> pm on port specific driver unbind (Tony Lindgren) - usb: typec: tcpm: fix multiple times discover svids error (Frank Wang) - HID: wacom: generic: Set battery quirk only when we see battery data (Jason Gerecke) - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (Kevin Groeneveld) - HID: logitech-hidpp: Reconcile USB and Unifying serials (Bastien Nocera) - HID: logitech-hidpp: Don't use the USB serial for USB devices (Bastien Nocera) - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (Philipp Hortmann) - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (Min Li) - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (Hans de Goede) - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (Hyunwoo Kim) - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (Daniel Gabay) - samples/bpf: Fix fout leak in hbm's run_bpf_prog (Hao Zeng) - f2fs: fix to drop all dirty pages during umount() if cp_error is set (Chao Yu) - ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() (Ojaswin Mujoo) - ext4: set goal start correctly in ext4_mb_normalize_request (Kemeng Shi) - gfs2: Fix inode height consistency check (Andreas Gruenbacher) - scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition (Zheng Wang) - lib: cpu_rmap: Avoid use after free on rmap-> obj array entries (Eli Cohen) - net: Catch invalid index in XPS mapping (Nick Child) - net: pasemi: Fix return type of pasemi_mac_start_tx() (Nathan Chancellor) - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (Justin Tee) - ext2: Check block size validity during mount (Jan Kara) - wifi: brcmfmac: cfg80211: Pass the PMK in binaryinstead of hex (Hector Martin) - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (void0red) - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (Tamir Duberstein) - drm/tegra: Avoid potential 32-bit integer overflow (Nur Hussein) - ACPI: EC: Fix oops when removing custom query handlers (Armin Wolf) - firmware: arm_sdei: Fix sleep from invalid context BUG (Sherry Yang) - memstick: r592: Fix UAF bug in r592_remove due to race condition (Zheng Wang) - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (Alexander Stein) - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (Rodrigo Siqueira) - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (Tetsuo Handa) - af_unix: Fix data races around sk-> sk_shutdown. (Kuniyuki Iwashima) - af_unix: Fix a data race of sk-> sk_receive_queue-> qlen. (Kuniyuki Iwashima) - net: datagram: fix data-races in datagram_poll() (Eric Dumazet) - ipvlan:Fix out-of-bounds caused by unclear skb-> cb (t.feng) - net: add vlan_get_protocol_and_depth() helper (Eric Dumazet) - net: tap: check vlan with eth_type_vlan() method (Menglong Dong) - net: annotate sk-> sk_err write from do_recvmmsg() (Eric Dumazet) - netlink: annotate accesses to nlk-> cb_running (Eric Dumazet) - netfilter: conntrack: fix possible bug_on with enable_hooks=1 (Florian Westphal) - net: Fix load-tearing on sk-> sk_stamp in sock_recv_cmsgs(). (Kuniyuki Iwashima) - linux/dim: Do nothing if no time delta between samples (Roy Novich) - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (Randy Dunlap) - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (Saravana Kannan) - driver core: add a helper to setup both the of_node and fwnode of a device (Ioana Ciornei) - LTS tag: v5.4.243 (Sherry Yang) - drm/amd/display: Fix hang when skipping modeset (Aurabindo Pillai) - mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock (Tetsuo Handa) - drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag (Tian Tao) -drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (Akhil P Oommen) - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (Yang Yingliang) - drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) - PM: domains: Restore comment indentation for generic_pm_domain.child_links (Geert Uytterhoeven) - printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h (Tetsuo Handa) - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (Lukas Wunner) - PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors (Hans de Goede) - drbd: correctly submit flush bio on barrier (Christoph Bohmwalder) - serial: 8250: Fix serial8250_tx_empty() race with DMA Tx (Ilpo Jarvinen) - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (Ilpo Jarvinen) - ext4: fix invalid free tracking in ext4_xattr_move_to_block() (Theodore Ts'o) - ext4: remove a BUG_ON in ext4_mb_release_group_pa() (Theodore Ts'o) - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (Theodore Ts'o) - ext4: add bounds checking in get_max_inline_xattr_value_size() (Theodore Ts'o) - ext4: fix deadlock when converting an inline directory in nojournal mode (Theodore Ts'o) - ext4: improve error recovery code paths in __ext4_remount() (Theodore Ts'o) - ext4: fix data races when using cached status extents (Jan Kara) - ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (Tudor Ambarus) - ext4: fix WARNING in mb_find_extent (Ye Bin) - HID: wacom: insert timestamp to packed Bluetooth (BT) events (Ping Cheng) - HID: wacom: Set a default resolution for older tablets (Ping Cheng) - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (Guchun Chen) - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (Guchun Chen) - drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (Hamza Mahfooz) - drm/panel: otm8009a: Set backlight parent to panel device (James Cowgill) - f2fs: fix potential corruption when moving a directory(Jaegeuk Kim) - ARM: dts: s5pv210: correct MIPI CSIS clock name (Krzysztof Kozlowski) - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (Krzysztof Kozlowski) - remoteproc: st: Call of_node_put() on iteration error (Mathieu Poirier) - remoteproc: stm32: Call of_node_put() on iteration error (Mathieu Poirier) - sh: nmi_debug: fix return value of __setup handler (Randy Dunlap) - sh: init: use OF_EARLY_FLATTREE for early init (Randy Dunlap) - sh: math-emu: fix macro redefined warning (Randy Dunlap) - inotify: Avoid reporting event with invalid wd (Jan Kara) - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (Andrey Avdeev) - cifs: fix pcchunk length type in smb2_copychunk_range (Pawel Witek) - btrfs: print-tree: parent bytenr must be aligned to sector size (Anastasia Belova) - btrfs: don't free qgroup space unless specified (Josef Bacik) - btrfs: fix btrfs_prev_leaf() to not return the same key twice (Filipe Manana) - perf symbols: Fix return incorrect build_id size in elf_read_build_id() (Yang Jihong) - perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp() (Markus Elfring) - perf vendor events power9: Remove UTF-8 characters from JSON files (Kajol Jain) - virtio_net: suppress cpu stall when free_unused_bufs (Wenliang Wang) - virtio_net: split free_unused_bufs() (Xuan Zhuo) - net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621 (Ar?nc UNAL) - ALSA: caiaq: input: Add error handling for unsupported input methods in snd_usb_caiaq_input_init (Ruliang Lin) - drm/amdgpu: add a missing lock for AMDGPU_SCHED (Chia-I Wu) - af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). (Kuniyuki Iwashima) - ionic: remove noise from ethtool rxnfc error msg (Shannon Nelson) - rxrpc: Fix hard call timeout units (David Howells) - net/sched: act_mirred: Add carrier check (Victor Nogueira) - writeback: fix call of incorrect macro (Maxim Korotkov) - net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu (Angelo Dureghello) - sit: update dev-> needed_headroomin ipip6_tunnel_bind_dev() (Cong Wang) - net/sched: cls_api: remove block_cb from driver_list before freeing (Vlad Buslov) - net/ncsi: clear Tx enable mode when handling a Config required AEN (Cosmo Chou) - relayfs: fix out-of-bounds access in relay_file_read (Zhang Zhengming) - kernel/relay.c: fix read_pos error when multiple readers (Pengcheng Yang) - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (Jonathan McDowell) - crypto: inside-secure - irq balance (Sven Auhagen) - dm verity: fix error handling for check_at_most_once on FEC (Yeongjin Gil) - dm verity: skip redundant verity_handle_err() on I/O errors (Akilesh Kailash) - mailbox: zynqmp: Fix counts of child nodes (Tanmay Shah) - mailbox: zynq: Switch to flexible array to simplify code (Christophe JAILLET) - tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem (Joel Fernandes (Google)) - nohz: Add TICK_DEP_BIT_RCU (Frederic Weisbecker) - debugobject: Ensure pool refill (again) (Thomas Gleixner) - perf intel-pt: Fix CYC timestamps after standalone CBR (Adrian Hunter) - perf auxtrace: Fix address filter entire kernel size (Adrian Hunter) - dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer) - dm flakey: fix a crash with invalid table line (Mikulas Patocka) - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (Mike Snitzer) - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (Mike Snitzer) - s390/dasd: fix hanging blockdevice after request requeue (Stefan Haberland) - btrfs: scrub: reject unsupported scrub flags (Qu Wenruo) - scripts/gdb: fix lx-timerlist for Python3 (Peng Liu) - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (Quentin Schulz) - wifi: rtl8xxxu: RTL8192EU always needs full init (Bitterblue Smith) - mailbox: zynqmp: Fix typo in IPI documentation (Tanmay Shah) - mailbox: zynqmp: Fix IPI isr handling (Tanmay Shah) - md/raid10: fix null-ptr-deref in raid10_sync_request (Li Nan) - nilfs2: fix infinite loop innilfs_mdt_get_block() (Ryusuke Konishi) - nilfs2: do not write dirty data after degenerating to read-only (Ryusuke Konishi) - parisc: Fix argument pointer in real64_call_asm() (Helge Deller) - afs: Fix updating of i_size with dv jump from server (Marc Dionne) - dmaengine: at_xdmac: do not enable all cyclic channels (Claudiu Beznea) - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (Shunsuke Mie) - dmaengine: dw-edma: Fix to change for continuous transfer (Shunsuke Mie) - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (Gaosheng Cui) - pwm: mtk-disp: Disable shadow registers before setting backlight values (AngeloGioacchino Del Regno) - pwm: mtk-disp: Adjust the clocks to avoid them mismatch (Jitao Shi) - pwm: mtk-disp: Don't check the return code of pwmchip_remove() (Uwe Kleine-Konig) - dmaengine: mv_xor_v2: Fix an error code. (Christophe JAILLET) - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (Randy Dunlap) - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (Ye Bin) - openrisc: Properly store r31 to pt_regs on unhandled exceptions (Stafford Horne) - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (Qinrun Dai) - clocksource: davinci: axe a pointless __GFP_NOFAIL (Christophe JAILLET) - clocksource/drivers/davinci: Avoid trailing '\n' hidden in pr_fmt() (Christophe JAILLET) - RDMA/mlx5: Use correct device num_ports when modify DC (Mark Zhang) - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (Miaoqian Lin) - input: raspberrypi-ts: Release firmware handle when not needed (Nicolas Saenz Julienne) - firmware: raspberrypi: Introduce devm_rpi_firmware_get() (Nicolas Saenz Julienne) - firmware: raspberrypi: Keep count of all consumers (Nicolas Saenz Julienne) - NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (Trond Myklebust) - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (Patrick Kelsey) - RDMA/siw: Remove namespace check fromsiw_netdev_event() (Tetsuo Handa) - clk: add missing of_node_put() in "assigned-clocks" property parsing (Clement Leger) - power: supply: generic-adc-battery: fix unit scaling (Sebastian Reichel) - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (Martin Blumenstingl) - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (Dan Carpenter) - rtc: omap: include header for omap_rtc_power_off_program prototype (Krzysztof Kozlowski) - RDMA/rdmavt: Delete unnecessary NULL check (Natalia Petrova) - RDMA/siw: Fix potential page_array out of range access (Daniil Dulov) - perf/core: Fix hardlockup failure caused by perf throttle (Yang Jihong) - powerpc/rtas: use memmove for potentially overlapping buffer copy (Nathan Lynch) - macintosh: via-pmu-led: requires ATA to be set (Randy Dunlap) - powerpc/sysdev/tsi108: fix resource printk format warnings (Randy Dunlap) - powerpc/wii: fix resource printk format warnings (Randy Dunlap) - powerpc/mpc512x: fix resource printk format warning (Randy Dunlap) - macintosh/windfarm_smu_sat: Add missing of_node_put() (Liang He) - spmi: Add a check for remove callback when removing a SPMI driver (Jishnu Prakash) - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (Philipp Hortmann) - serial: 8250: Add missing wakeup event reporting (Florian Fainelli) - tty: serial: fsl_lpuart: adjust buffer length to the intended size (Shenwei Wang) - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (Dan Carpenter) - usb: mtu3: fix kernel panic at qmu transfer done irq handler (Chunfeng Yun) - usb: chipidea: fix missing goto in ci_hdrc_probe (Yinhao Hu) - sh: sq: Fix incorrect element size for allocating bitmap buffer (John Paul Adrian Glaubitz) - uapi/linux/const.h: prefer ISO-friendly __typeof__ (Kevin Brodsky) - spi: cadence-quadspi: fix suspend-resume implementations (Dhruva Gole) - mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel (Vignesh Raghavendra) - mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete onfailure (Vignesh Raghavendra) - mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry (Vignesh Raghavendra) - scripts/gdb: bail early if there are no generic PD (Florian Fainelli) - PM: domains: Fix up terminology with parent/child (Kees Cook) - scripts/gdb: bail early if there are no clocks (Florian Fainelli) - ia64: salinfo: placate defined-but-not-used warning (Randy Dunlap) - ia64: mm/contig: fix section mismatch warning/error (Randy Dunlap) - of: Fix modalias string generation (Miquel Raynal) - vmci_host: fix a race condition in vmci_host_poll() causing GPF (Dae R. Jeong) - spi: fsl-spi: Fix CPM/QE mode Litte Endian (Christophe Leroy) - spi: qup: Don't skip cleanup in remove's error path (Uwe Kleine-Konig) - linux/vt_buffer.h: allow either builtin or modular for macros (Randy Dunlap) - ASoC: es8316: Handle optional IRQ assignment (Cristian Ciocaltea) - ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ (Hans de Goede) - genirq: Add IRQF_NO_AUTOEN for request_irq/nmi() (Barry Song) - PCI: imx6: Install the fault handler only on compatible match (H. Nikolaus Schaller) - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (Zheng Wang) - iio: light: max44009: add missing OF device matching (Krzysztof Kozlowski) - fpga: bridge: fix kernel-doc parameter description (Marco Pagani) - usb: host: xhci-rcar: remove leftover quirk handling (Wolfram Sang) - pstore: Revert pmsg_lock back to a normal mutex (John Stultz) - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. (Kuniyuki Iwashima) - net: amd: Fix link leak when verifying config failed (Gencen Gan) - netlink: Use copy_to_user() for optval in netlink_getsockopt(). (Kuniyuki Iwashima) - ipv4: Fix potential uninit variable access bug in __ip_make_skb() (Ziyang Xuan) - netfilter: nf_tables: don't write table validation state without mutex (Florian Westphal) - bpf: Don't EFAULT for getsockopt with optval=NULL (Stanislav Fomichev) - ixgbe: Enable setting RSS table to default values(Joe Damato) - ixgbe: Allow flow hash to be set via ethtool (Joe Damato) - wifi: iwlwifi: mvm: check firmware response size (Johannes Berg) - wifi: iwlwifi: make the loop for card preparation effective (Emmanuel Grumbach) - md/raid10: fix memleak of md thread (Yu Kuai) - md: update the optimal I/O size on reshape (Christoph Hellwig) - md/raid10: fix memleak for 'conf-> bio_split' (Yu Kuai) - md/raid10: fix leak of 'r10bio-> remaining' for recovery (Yu Kuai) - bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap (Daniel Borkmann) - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (Ming Lei) - nvme: fix async event trace event (Keith Busch) - nvme: handle the persistent internal error AER (Michael Kelley) - bpf, sockmap: fix deadlocks in the sockhash and sockmap (Xin Liu) - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (Shuchang Li) - crypto: drbg - Only fail when jent is unavailable in FIPS mode (Herbert Xu) - crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors (Nicolai Stange) - bpftool: Fix bug for long instructions in program CFG dumps (Quentin Monnet) - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (Wei Chen) - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (Wei Chen) - rtlwifi: Replace RT_TRACE with rtl_dbg (Larry Finger) - rtlwifi: Start changing RT_TRACE into rtl_dbg (Larry Finger) - f2fs: handle dqget error in f2fs_transfer_project_quota() (Yangtao Li) - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (Danila Chernetsov) - net/packet: convert po-> auxdata to an atomic flag (Eric Dumazet) - net/packet: convert po-> origdev to an atomic flag (Eric Dumazet) - net/packet: annotate accesses to po-> xmit (Eric Dumazet) - vlan: partially enable SIOCSHWTSTAMP in container (Vadim Fedorenko) - scm: fix MSG_CTRUNC setting condition for SO_PASSSEC (Alexander Mikhalitsyn) - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (Martin Blumenstingl) - wifi: rtw88: mac:Return the original error from rtw_pwr_seq_parser() (Martin Blumenstingl) - tools: bpftool: Remove invalid \' json escape (Luis Gerhorst) - wifi: ath6kl: reduce WARN to dev_dbg() in callback (Fedor Pchelkin) - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (Dan Carpenter) - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (Fedor Pchelkin) - wifi: ath6kl: minor fix for allocation size (Alexey V. Vissarionov) - tick/common: Align tick period with the HZ tick. (Sebastian Andrzej Siewior) - tick: Get rid of tick_period (Thomas Gleixner) - tick/sched: Optimize tick_do_update_jiffies64() further (Thomas Gleixner) - tick/sched: Reduce seqcount held scope in tick_do_update_jiffies64() (Yunfeng Ye) - tick/sched: Use tick_next_period for lockless quick check (Thomas Gleixner) - timekeeping: Split jiffies seqlock (Thomas Gleixner) - debugobject: Prevent init race with static objects (Thomas Gleixner) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (Sumit Garg) - x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (Saurabh Sengar) - regulator: stm32-pwr: fix of_iomap leak (YAN SHI) - media: rc: gpio-ir-recv: Fix support for wake-up (Florian Fainelli) - media: rcar_fdp1: Fix refcount leak in probe and remove function (Miaoqian Lin) - media: rcar_fdp1: Fix the correct variable assignments (Tang Bin) - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (Cai Huoqing) - media: rcar_fdp1: fix pm_runtime_get_sync() usage count (Mauro Carvalho Chehab) - media: rcar_fdp1: simplify error check logic at fdp_open() (Mauro Carvalho Chehab) - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (Zheng Wang) - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (Zheng Wang) - x86/apic: Fix atomic update of offset in reserve_eilvt_offset() (Uros Bizjak) - regulator: core: Avoid lockdep reports when resolving supplies (Douglas Anderson) - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow()(Douglas Anderson) - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (Harshit Mogalapalli) - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (Georgii Kruglov) - drm/msm/adreno: drop bogus pm_runtime_set_active() (Johan Hovold) - drm/msm/adreno: Defer enabling runpm until hw_init() (Rob Clark) - drm/msm: fix unbalanced pm_runtime_enable in adreno_gpu_{init, cleanup} (Jonathan Marek) - firmware: qcom_scm: Clear download bit during reboot (Mukesh Ojha) - media: av7110: prevent underflow in write_ts_to_decoder() (Dan Carpenter) - media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format. (Dafna Hirschfeld) - media: bdisp: Add missing check for create_workqueue (Jiasheng Jiang) - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (Manivannan Sadhasivam) - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (Christian Marangi) - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (Manivannan Sadhasivam) - EDAC/skx: Fix overflows on the DRAM row address mapping arrays (Qiuxu Zhuo) - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (Geert Uytterhoeven) - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (Geert Uytterhoeven) - drm/probe-helper: Cancel previous job before starting new one (Dom Cobley) - drm/vgem: add missing mutex_destroy (Maira Canal) - drm/rockchip: Drop unbalanced obj unref (Rob Clark) - erofs: fix potential overflow calculating xattr_isize (Jingbo Xu) - erofs: stop parsing non-compact HEAD index if clusterofs is invalid (Gao Xiang) - tpm, tpm_tis: Do not skip reset of original interrupt vector (Lino Sanfilippo) - selinux: ensure av_permissions.h is built when needed (Paul Moore) - selinux: fix Makefile dependencies of flask.h (Ondrej Mosnacek) - ubifs: Free memory for tmpfile name (Marten Lindahl) - ubi: Fix return value overwrite issue in try_write_vid_and_data() (Wang YanQing) - ubifs: Fix memleak when insert_old_idx() failed (Zhihao Cheng) - i2c: omap: Fix standard mode false ACK readings (Reid Tonking) - KVM: nVMX: EmulateNOPs in L2, and PAUSE if it's not intercepted (Sean Christopherson) - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (Roberto Sassu) - ring-buffer: Sync IRQ works before buffer destruction (Johannes Berg) - pwm: meson: Fix g12a ao clk81 name (Heiner Kallweit) - pwm: meson: Fix axg ao mux parents (Heiner Kallweit) - kheaders: Use array declaration instead of char (Kees Cook) - ipmi: fix SSIF not responding under certain cond. (Zhang Yuchen) - MIPS: fw: Allow firmware to pass a empty env (Jiaxun Yang) - xhci: fix debugfs register accesses while suspended (Johan Hovold) - debugfs: regset32: Add Runtime PM support (Geert Uytterhoeven) - staging: iio: resolver: ads1210: fix config mode (Nuno Sa) - perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE) (Arnaldo Carvalho de Melo) - USB: dwc3: fix runtime pm imbalance on unbind (Johan Hovold) - USB: dwc3: fix runtime pm imbalance on probe errors (Johan Hovold) - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (Vladimir Oltean) - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (Hans de Goede) - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (Patrik Dahlstrom) - USB: serial: option: add UNISOC vendor and TOZED LT70C product (Ar?nc UNAL) - bluetooth: Perform careful capability checks in hci_sock_ioctl() (Ruihan Li) - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (Daniel Vetter) - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (Jisoo Jang) - counter: 104-quad-8: Fix race condition between FLAG and CNTR reads (William Breathitt Gray) [5.4.17-2136.321.1.el7] - uek-rpm: Blacklist cls_tcindex module (Somasundaram Krishnasamy) [Orabug: 35408335] - uek_kabi: Add UEK_KABI_DEPRECATE_ENUM (Sherry Yang) [Orabug: 35469883] - perf kvm: Add kvm-stat for arm64 (Sergey Senozhatsky) [Orabug: 35415996] - dsc-drivers: update ionic drivers to 23.04.1-001 (Dave Kleikamp) [Orabug: 35416310] - dsc-drivers: update ionic drivers to22.11.1-001 (Dave Kleikamp) [Orabug: 35416310] - dsc-drivers: update drivers for 1.15.9-C-100 (Dave Kleikamp) [Orabug: 35416310] - elba.dtsi: Improved sdclk and sdclk-hsmmc timing. (David Clear) [Orabug: 35416310] - drivers/i2c: Fix Lattice RD1173 interrupt handling (Hiren Mehta) [Orabug: 35416310] - defconfig: cleanup elba_defconfig (Hiren Mehta) [Orabug: 35416310] _______________________________________________ El-errata mailing list
Aug 24, 2023
•Critical
Oracle
202
security advisorynetwork securitymoderate severityopenSUSE: 2023:3057-1 Moderate: Kubevirt Container Security Update
This update for kubevirt, virt-api-container, virt-controller-container, virt- handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:. # Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container Announcement ID: SUSE-SU-2023:3057-1 Rating: moderate References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: This update rebuilds the kubevirt stack with the current GO release. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3057=1 openSUSE-SLE-15.4-2023-3057=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3057=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3057=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3057=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3057=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3057=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3057=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3057=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * kubevirt-virt-api-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-operator-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-api-0.54.0-150400.3.19.1 * kubevirt-container-disk-0.54.0-150400.3.19.1 * kubevirt-tests-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-controller-0.54.0-150400.3.19.1 * kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-handler-0.54.0-150400.3.19.1 * kubevirt-tests-0.54.0-150400.3.19.1 * kubevirt-virt-controller-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * kubevirt-virt-handler-debuginfo-0.54.0-150400.3.19.1 * kubevirt-container-disk-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-launcher-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * obs-service-kubevirt_containers_meta-0.54.0-150400.3.19.1 * kubevirt-virt-operator-0.54.0-150400.3.19.1 * openSUSE Leap Micro 5.3 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * openSUSE Leap Micro 5.4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 *kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * Containers Module 15-SP4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 . Enhancements for kubevirt and associated container images targeting medium-level security vulnerabilities in various openSUSE ecosystems.. openSUSE Container Update,Kubevirt Security Patch,Moderate Security Advisory. . LinuxSecurity.com Team
Jul 31, 2023
OpenSUSE
98
security advisorymoderatesecurity updateRed Hat OpenShift 4.13.5 Moderate: DoS, Memory Growth Security Issues
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.13.5 security update Advisory ID: RHSA-2023:4091-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:4091 Issue date: 2023-07-20 CVE Names: CVE-2022-4304 CVE-2022-4450 CVE-2022-41717 CVE-2022-41723 CVE-2022-46663 CVE-2023-0215 CVE-2023-0361 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-1255 CVE-2023-1260 CVE-2023-2253 CVE-2023-2650 CVE-2023-2700 CVE-2023-3089 CVE-2023-24329 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-27561 CVE-2023-29400 CVE-2023-32067 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShiftContainer Platform 4.13.5 See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2023:4093 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes/ocp-4-13-release-notes Security Fix(es): * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) * distribution/distribution: DoS from malicious API request (CVE-2023-2253) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/updating_clusters/updating-cluster-cli 3. Solution: For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes/ocp-4-13-release-notes You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags The sha values for the release are: (For x86_64 architecture) The image digestis sha256:af19e94813478382e36ae1fa2ae7bbbff1f903dded6180f4eb0624afe6fc6cd4 (For s390x architecture) The image digest is sha256:d4d2c747fade057e55f64e02a34bb752bd2cd1484b02f029d0842d346f872870 (For ppc64le architecture) The image digest is sha256:48466f0b7c86292379c5d987ec37f0d4a4cc26a69357374e127a7293b230c943 (For aarch64 architecture) The image digest is sha256:e9afcbe007e2440d2b862dc7709138df73dd851421d69c7f39f195301e0cda53 All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/updating_clusters/updating-cluster-cli 4. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2189886 - CVE-2023-2253 distribution/distribution: DoS from malicious API request 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-10326 - Re-enable operator-install-single-namespace.spec.ts test OCPBUGS-11143 - [Azure] Replace master failed as new master did not add into lb backend OCPBUGS-11974 - User telemetry is broken (inaccurate) due to the fact that page titles are not unique. OCPBUGS-12206 - [4.13] Keep systemd journal using LZ4 compression (via new env var) OCPBUGS-12256 - ptp operator socket management need rework since a few test case fails due to cleaning up the file before other processes are terminated. OCPBUGS-12743 - [4.13] SNO cluster deployment failing due to authentication and console CO in degraded state OCPBUGS-12785 - [release-4.13] Enable/Disable plugin options are not shown on Operator details page OCPBUGS-13311 - Kubelet CA file not written by MCD firstboot OCPBUGS-13323 - [4.13]Bootimage bump tracker OCPBUGS-13642 - [release-4.13] OLM k8sResourcePrefix x-descriptor dropdown unexpectedly clears selections OCPBUGS-13747 - [4.13] cgroupv1 support for cpu balancing is broken for non-SNO nodes OCPBUGS-13752 - AdditionalTrustBundle is only included when doing mirroring OCPBUGS-13809 - OVN image pre-puller pod uses `imagePullPolicy: Always` and blocks upgrade when there is no registry OCPBUGS-13812 - [azure] Installer doesn't validate diskType on ASH which lead to install fails with unsupported disktype OCPBUGS-14030 - Invalid CA certificate bundle provided by service account token OCPBUGS-14166 - Make Serverless form is broken OCPBUGS-14189 - Route Checkbox getting checked even if it is unchecked during editing the Serverless Function form OCPBUGS-14251 - Add new console metrics to cluster-monitoring-operator telemetry configuration (4.13) OCPBUGS-14267 - [Openshift Pipelines] Metrics page is broken OCPBUGS-14310 - Could not import multiple resources via JSON (while YAML supports this) OCPBUGS-14318 - [release-4.13] gather podDisruptionBudget only from openshift namespaces OCPBUGS-14336 - [Openshift Pipelines] Link to Openshift Route from service is breaking because of hardcoded value of targetPort OCPBUGS-14426 - Failed to list Kepler CSV OCPBUGS-14459 - The MCD repeats a "State and Reason" log line even when nothing is happening OCPBUGS-14482 - Sync RHEL9 Dockerfiles to regular Dockerfiles OCPBUGS-14598 - Update Jenkins to use 4.13 images OCPBUGS-14773 - (release-4.13) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-14867 - When installing SNO with bootstrap in place it takes cluster-policy-controller 6 minutes to acquire the leader lease OCPBUGS-14916 - images: RHEL-8-based container image is broken OCPBUGS-14943 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15031 - (release-4.13) Insights config not correctly deserialized OCPBUGS-15101 - IngressVIP getting attach to two nodes atonce OCPBUGS-15130 - Helm Repository "Edit" button results in 404 OCPBUGS-15139 - The whereabouts-reconciler should not set an hard-coded node selector on the kubernetes.io/architecture label OCPBUGS-15161 - CPMS: Surface cpms vs machine diff OCPBUGS-15171 - CPO doesn't skip AWS resource deletion for 'Unknown' OIDC state OCPBUGS-15187 - images: RHEL-8 container image is missing `xz` OCPBUGS-15224 - [4.13] openvswitch user is not in the hugetblfs group OCPBUGS-15225 - while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows OCPBUGS-15228 - Create helm release page doesn't show a YAML editor when schema isn't available (httpd-imagestreams chart) OCPBUGS-15230 - Allow installer to use existing Azure NSG during OpenShift IPI install OCPBUGS-15246 - Bump to kubernetes 1.26.6 OCPBUGS-15281 - Leftover IngressController Preventing Clean Uninstall OCPBUGS-15289 - GCP XPN Installs Require bindPrivateDNSZone Permission in host project OCPBUGS-15330 - CPMSO: fix linting issue comment in test OCPBUGS-15335 - PipelineRun failed with log 'Tasks Completed: 3 (Failed: 1, Cancelled 0), Skipped: 1.' OCPBUGS-15360 - Serverless functions UI warning is misleading OCPBUGS-15372 - [4.13z] Duplicate acls cause network policy failure for namespaces with long names (> 61 chars) OCPBUGS-15376 - [4.13] Cleanup Tech debt: remove unused repo code OCPBUGS-15410 - [release-4.13] Add Git Repository (PAC) doesn't setup GitLab and Bitbucket configuration correct OCPBUGS-15434 - [GWAPI] [4.13.z] The DNS provider failed to ensure the record, invalid value for name (gcp) OCPBUGS-15457 - python-grpcio and python-protobuf are unneeded dependencies OCPBUGS-15463 - [release-4.13] Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf [release-4.13] OCPBUGS-15465 - [CI Watcher] Testing uninstall of Business Automation Operator "attempts to uninstall the Operator and delete all Operand Instances, shows 'Error Deleting Operands' alert" OCPBUGS-15476 - Network Operator not setting its version and blockingupgrade completion OCPBUGS-15481 - [CI Watcher] Broken pipeline-plugin e2e tests: PipelineResource CRD isn't installed anymore OCPBUGS-15512 - HCP Service Loadbalancer uses default SecurityGroup OCPBUGS-15515 - CI fails on TestAWSELBConnectionIdleTimeout OCPBUGS-15557 - TUI stuck on agent installer network boot setup OCPBUGS-15580 - updated nmstate builds will not work for MCO OCPBUGS-15585 - [4.13] Cannot fix a misconfigured Egress Firewall OCPBUGS-15586 - [4.13] NetworkPolicy not working as expected when allowing inbound traffic from any namespace OCPBUGS-15589 - Dynamic conversion webhook clientConfig not retained as operator installs OCPBUGS-15591 - GCP bootstrap VM should allow SecureBoot setting on 4.13 clustersOCPBUGS-15606 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15608 - [release-4.13] Clean up old RHEL9 dockerfiles to reduce confusion OCPBUGS-15720 - Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions OCPBUGS-15721 - Helm Chart installation form hangs on create if JSON-schema contains unknown value format OCPBUGS-15722 - Helm Chart installation screen fails to render if JSON schema contains remote $refs OCPBUGS-15734 - [4.13] binary should be compiled on RHEL9 OCPBUGS-15736 - TuneD reverts node level profiles on termination OCPBUGS-15738 - tuned daemonset rprivate default mount propagation with `hostPath: path: /` volumeMount breaks CSI driver relying on multipath OCPBUGS-15746 - Alibaba clusters are TechPreview and should not be upgradeable OCPBUGS-15756 - [release-4.13] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15777 - ironic-agent-image PRs permafailing due to udevadm command missing OCPBUGS-15782 - [OSD] There is no error message shown on node label edit modal OCPBUGS-15787 - Project admins cannot see 'Pipelines' section in 'import from git' from RHOCP4 web console OCPBUGS-15808 - [4.13.x] Downstream OLM PSA plug-in is disabled OCPBUGS-15848 - The upgrade Helm Release tab in OpenShift GUIDeveloper console is not refreshing with updated values. OCPBUGS-15892 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15962 - ovn-k8s-cni-overlay: /lib64/libc.so.6: version `GLIBC_2.34' not found on 4.12-to-4.13 OCPBUGS-15965 - Active Endpoint Connection blocks cluster uninstallation OCPBUGS-16084 - [4.13] OCP 4.14.0-ec.3 machine-api-controller pod crashing OCPBUGS-7762 - openshift-tests does not file Azure Disk zone topology 6.References: https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-46663 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0464 https://access.redhat.com/security/cve/CVE-2023-0465 https://access.redhat.com/security/cve/CVE-2023-0466 https://access.redhat.com/security/cve/CVE-2023-1255 https://access.redhat.com/security/cve/CVE-2023-1260 https://access.redhat.com/security/cve/CVE-2023-2253 https://access.redhat.com/security/cve/CVE-2023-2650 https://access.redhat.com/security/cve/CVE-2023-2700 https://access.redhat.com/security/cve/CVE-2023-3089 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-24534 https://access.redhat.com/security/cve/CVE-2023-24536 https://access.redhat.com/security/cve/CVE-2023-24537 https://access.redhat.com/security/cve/CVE-2023-24538 https://access.redhat.com/security/cve/CVE-2023-24539 https://access.redhat.com/security/cve/CVE-2023-27561 https://access.redhat.com/security/cve/CVE-2023-29400 https://access.redhat.com/security/cve/CVE-2023-32067 https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes/ocp-4-13-release-notes 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJkuYVOAAoJENzjgjWX9erExUgP/2/25PbUv77tHgYG+Oj5rmcT oTnu0LnBLOsDXYGOomnrE/UZFvWtQr8lGWpvkHpZjJjg7IZo4vN4mUhK+z7dM+3M zuyV++GHDF/zr1XxYf6xWWWNtdCTwWsUKcb6FB4J+WCiUJ8PSYFY3lbPcvAbTamP Hj1JHc3/NxYswwfwBcmK+E4DX4y0XImRdu5+vIXZdp5dpTBehchnSa+Mgjt7vdwi rHi7CdAsHDrPQhThlIRmc17cwsqiZS760xxpx9UNHvix5UQA9ns+OcUx/dLaGR9E dp41kCebze5st+wpBMCPoOZEvHJIMjC6ODFVb4mzRbhbAbWJS6GZl2V783v5RGrr FemE7DDKKt6QEjZhT61GXVS9EdWdFrNii5kmgEiUc/F6Md0fHrPcdt5yxK0dhPZb 3R/64vcMsHllsEStpg8s1aieAZbpmheylEKK+zf82Vz3nlBNX5kxi2IxCrl4nG6X KublzGkkKiNXS9rZqzPDRgtGAn5Qi01U9kUzVgdKGfMsyRnvAVDeZf/FUdOhCm7M h2Yt9M2cgPImRWatKkECpsAwcHbgGtsFL96/5z6CSOoXbqkB2xV6LVixsoa4ys76 cHsXRPJFDU97Y1I9h1kJbro/N8UdPZSicVdsWrLYadujBrhaPq5MoW+B1FpayaDh +AfFGtVd9LRp5sYROCuT =2EuA -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 20, 2023
Red Hat
98
security advisoryRed HatcriticalRed Hat Advanced Cluster Management 2.5.9 Critical: Sandbox Escape Fix
Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates Advisory ID: RHSA-2023:3356-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2023:3356 Issue date: 2023-05-30 CVE Names: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-1679 CVE-2022-1789 CVE-2022-2196 CVE-2022-2663 CVE-2022-2795 CVE-2022-3028 CVE-2022-3204 CVE-2022-3239 CVE-2022-3522 CVE-2022-3524 CVE-2022-3564 CVE-2022-3566 CVE-2022-3567 CVE-2022-3619 CVE-2022-3623 CVE-2022-3625 CVE-2022-3627 CVE-2022-3628 CVE-2022-3707 CVE-2022-3970 CVE-2022-4129 CVE-2022-20141 CVE-2022-25265 CVE-2022-30594 CVE-2022-36227 CVE-2022-39188 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-41973 CVE-2022-42703 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 CVE-2022-47929 CVE-2023-0394 CVE-2023-0461 CVE-2023-1195 CVE-2023-1582 CVE-2023-1999 CVE-2023-22490 CVE-2023-23454 CVE-2023-23946 CVE-2023-25652 CVE-2023-25815 CVE-2023-27535 CVE-2023-29007 CVE-2023-32313 CVE-2023-32314 ==================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General Availability release images, which fix security issues and update container images. Red HatProduct Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single consoleâwith security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/ Security fix(es): * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation 3. Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions about installing this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation 5.References: https://access.redhat.com/security/cve/CVE-2021-26341 https://access.redhat.com/security/cve/CVE-2021-33655 https://access.redhat.com/security/cve/CVE-2021-33656 https://access.redhat.com/security/cve/CVE-2022-1462 https://access.redhat.com/security/cve/CVE-2022-1679 https://access.redhat.com/security/cve/CVE-2022-1789 https://access.redhat.com/security/cve/CVE-2022-2196 https://access.redhat.com/security/cve/CVE-2022-2663 https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-3028 https://access.redhat.com/security/cve/CVE-2022-3204 https://access.redhat.com/security/cve/CVE-2022-3239 https://access.redhat.com/security/cve/CVE-2022-3522 https://access.redhat.com/security/cve/CVE-2022-3524 https://access.redhat.com/security/cve/CVE-2022-3564 https://access.redhat.com/security/cve/CVE-2022-3566 https://access.redhat.com/security/cve/CVE-2022-3567 https://access.redhat.com/security/cve/CVE-2022-3619 https://access.redhat.com/security/cve/CVE-2022-3623 https://access.redhat.com/security/cve/CVE-2022-3625 https://access.redhat.com/security/cve/CVE-2022-3627 https://access.redhat.com/security/cve/CVE-2022-3628 https://access.redhat.com/security/cve/CVE-2022-3707 https://access.redhat.com/security/cve/CVE-2022-3970 https://access.redhat.com/security/cve/CVE-2022-4129 https://access.redhat.com/security/cve/CVE-2022-20141 https://access.redhat.com/security/cve/CVE-2022-25265 https://access.redhat.com/security/cve/CVE-2022-30594 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-39188 https://access.redhat.com/security/cve/CVE-2022-39189 https://access.redhat.com/security/cve/CVE-2022-41218 https://access.redhat.com/security/cve/CVE-2022-41674 https://access.redhat.com/security/cve/CVE-2022-41973 https://access.redhat.com/security/cve/CVE-2022-42703 https://access.redhat.com/security/cve/CVE-2022-42720 https://access.redhat.com/security/cve/CVE-2022-42721 https://access.redhat.com/security/cve/CVE-2022-42722 https://access.redhat.com/security/cve/CVE-2022-43750 https://access.redhat.com/security/cve/CVE-2022-47929 https://access.redhat.com/security/cve/CVE-2023-0394 https://access.redhat.com/security/cve/CVE-2023-0461 https://access.redhat.com/security/cve/CVE-2023-1195 https://access.redhat.com/security/cve/CVE-2023-1582 https://access.redhat.com/security/cve/CVE-2023-1999 https://access.redhat.com/security/cve/CVE-2023-22490 https://access.redhat.com/security/cve/CVE-2023-23454 https://access.redhat.com/security/cve/CVE-2023-23946 https://access.redhat.com/security/cve/CVE-2023-25652 https://access.redhat.com/security/cve/CVE-2023-25815 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-29007 https://access.redhat.com/security/cve/CVE-2023-32313 https://access.redhat.com/security/cve/CVE-2023-32314 https://access.redhat.com/security/updates/classification/#critical 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZHsDMdzjgjWX9erEAQizYhAAgojSi/Dpw4kJE0u2IgcMVr+9lW8tikZV GccB3XSq3RVKsJ+iG+yAE+jDoaaRsWyvSQfR2oZ1Bvd9SzBJGeAehu1Dvstvvv2Z oW6zGDOxAXraxaxVxlM7l9oblu+HUSDyzwShhyTCbfHwJ7VZA7Q+0phzkEFuhdG0 r0SCN704hEykVNcsJrHu08GznGqzy4uMns2Zqy24ZAP36ASRU2Yf0kyDWYpd+YOl qnC8BLI88TtOBZ1R2JDF2PJhwtaj6A7Mdk53QL4yXU+GCK2Hf1YRfPnBHs/DxvvA LPlp96ECR8sbcBi4WLoWNlCVPjShesBkij03lbnD7SHL631ev4fPO4NEa3BZq8yK MxtfyUikpCzTpizu3sTVPEYrZOaPWth55dcuZLaxBhjlvQfyG8bi/0CSlEVdEs8d kKQK0F3fbzg813HCb+RWgkDugjzTDzF0WU3+Cnj9ljq5SAcbleCOxn2rPvUk9o5V eJ4VEGnkJB2Dh+ksttx5KA3QOs4RMj1d0nejIZ3O83aq692+5RRHejvjxBxvmjKL Ns02sdx0qsqFU+1oZShxFXeBtLWXrf4oTKVCj1VExT4Td5eCyOFAAYrOYww3kNTV zse4ZmCsb9uTx9vSmCD48o0IpCGW0umTXuE/q/zN8suDXbu+Hs3emO0pssWjcMMJ 4Xfns6sfgw4=gXAt -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 03, 2023
•Critical
Red Hat
100
security advisoryimportant fixSUSE Linux EnterpriseSUSE: 2022:4147-1 Important: Kubevirt Stack Security Update
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for kubevirt stack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4147-1 Rating: important References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4147=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4147=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4147=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4147=1 Package List: - openSUSE Leap Micro 5.3 (x86_64): kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 - openSUSE Leap 15.4 (x86_64): kubevirt-container-disk-0.54.0-150400.3.7.1 kubevirt-container-disk-debuginfo-0.54.0-150400.3.7.1 kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-tests-0.54.0-150400.3.7.1 kubevirt-tests-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-api-0.54.0-150400.3.7.1 kubevirt-virt-api-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-controller-0.54.0-150400.3.7.1 kubevirt-virt-controller-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-handler-0.54.0-150400.3.7.1 kubevirt-virt-handler-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-launcher-0.54.0-150400.3.7.1 kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-operator-0.54.0-150400.3.7.1 kubevirt-virt-operator-debuginfo-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 obs-service-kubevirt_containers_meta-0.54.0-150400.3.7.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64): kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 References: . SUSE Security Release for kubevirt framework tackles significant issues and vulnerabilities affecting various distributions.. SUSE Linux Security,kubevirt update,container security fix,important security update. . Severity: Important. LinuxSecurity.com Team
Nov 21, 2022
•Important
SuSE
98
security advisorycommand injectionimportant updateRed Hat OpenStack 16.2: RHSA-2022-5673 Important Security Update
Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. 2. Description: Release osp-director-operator images. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Release of containers for OSP 16.2.z director operator tech preview Advisory ID: RHSA-2022:5673-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:5673 Issue date: 2022-07-20 CVE Names: CVE-2021-3634 CVE-2021-3737 CVE-2021-4189 CVE-2021-40528 CVE-2021-41103 CVE-2021-43565 CVE-2022-1271 CVE-2022-1621 CVE-2022-1629 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-26945 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29824 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ==================================================================== 1. Summary: Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. 2. Description: Release osp-director-operator images Security Fix(es): * go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321) * go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322) * go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323) * go-getter: command injection vulnerability [Important] (CVE-2022-26945) * golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565) * containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103) 3. Solution: OSP 16.2 Release - OSP Director Operator Containers tech preview 4. Bugs fixed (https://bugzilla.redhat.com/): 2011007 - CVE-2021-41103 containerd:insufficiently restricted permissions on container root and plugin directories 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-41103 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-26945 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30321 https://access.redhat.com/security/cve/CVE-2022-30322 https://access.redhat.com/security/cve/CVE-2022-30323 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/errata/RHSA-2022:4991 https://access.redhat.com/containers 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYtg1odzjgjWX9erEAQgLKhAAmNPdMhNGBxVdTDymf3EpM8xQcr25XWOR wfdum3Q4/Ji9/IQJ1NCv/5IsphsHgDaKlo9pY9BPzgeT4z90ga+5ldcXgqC9dk74 KVBUURmWxfbkg57E5dWHkMb9fxyRIpo0NiFlwLx5ynjIjO/WwWwFzz4YIiktDy1H AgGz1oZnX+hdZ+BpH2Ltx70cCyqvHgA+aOFXGHZNl8qQXQEjtCBN957XEo4c1hgp 6HBmK3GkcaL2Ml32/EM+2j4BLyz4hUK9Xfe171le0RcjkIND9BNzx2055dXov9uY eN52pn7pL8BvWU37b39wZx4EEyluYfnnlLaM9I+Y0t0NFhtA2H5Xk/hei1W3tzkP FdSR6gYIB1wwkBKu/qus4RqrtDEhYHOYXqIziEE+G0nF0ht1As7kLq7U05n7spOu 9mKht4iXLj17lzPHAXM5N9HF0/v3WuVNQf1DXOzb29BUF14fGFzXCWp/nIG+PpEt efmBklT4DAgLaibGwKyLZ7YOcfl/mQoQDCs3uPqpqeXf799cTtJFmC520ox/eaFx OFQ1ZNpDI/FKi1919hl2Ox5V7OxOZRIs/MPsLJ+HBtr9CmGMV2/rezeTEu+cD7Ts SFDt82MQeqSJuxjpa04odqcU6NZbccoF3c7sxn49Vvk6AAn6umXgJCR/Pnp9QPZT /jnfjsj7xYM=+5tE -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 20, 2022
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!