# Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:0252-1
Release Date: 2025-01-27T13:03:54Z
Rating: important

References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225429
* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1226324
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1229273
* bsc#1229275
* bsc#1229553
* bsc#1232637
* bsc#1233712

Cross-References:

* CVE-2021-47517
* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2022-48956
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35949
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-36971
* CVE-2024-40954
* CVE-2024-41057
* CVE-2024-41059
* CVE-2024-43861
* CVE-2024-50264

CVSS scores:

* CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41057 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41057 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41057 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 34 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues.

The following security issues were fixed:

* CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1229275).
* CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324).
* CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712).
* CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
* CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool (bsc#1225429).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-252=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-252=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-11-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-11-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-11-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-11-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-11-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-11-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47517.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2022-48956.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-36971.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41057.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://www.suse.com/security/cve/CVE-2024-50264.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225429
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226324
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229275
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
* https://bugzilla.suse.com/show_bug.cgi?id=1232637
* https://bugzilla.suse.com/show_bug.cgi?id=1233712

Severity: Important. LinuxSecurity.com Team
# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:4265-1
Release Date: 2024-12-09T10:04:37Z
Rating: important

References:

* bsc#1225733
* bsc#1229553

Cross-References:

* CVE-2024-36904
* CVE-2024-43861

CVSS scores:

* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_100 fixes several issues.

The following security issues were fixed:

* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-4265=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-4265=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_100-default-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-14-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_21-debugsource-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_100-default-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-14-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_21-debugsource-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1229553

Severity: Important. LinuxSecurity.com Team
Oracle Linux Security Advisory ELSA-2024-1908
http://linux.oracle.com/errata/ELSA-2024-1908.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-115.10.0-1.0.1.el9_3.x86_64.rpm
firefox-x11-115.10.0-1.0.1.el9_3.x86_64.rpm

aarch64:
firefox-115.10.0-1.0.1.el9_3.aarch64.rpm
firefox-x11-115.10.0-1.0.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//firefox-115.10.0-1.0.1.el9_3.src.rpm

Related CVEs:
CVE-2024-2609
CVE-2024-3852
CVE-2024-3854
CVE-2024-3857
CVE-2024-3859
CVE-2024-3861
CVE-2024-3864

Description of changes:

[115.10.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[115.10.0-1]
- Update to 115.10.0 build1

_______________________________________________
El-errata mailing list
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0469-1
Rating:             important
References:         #1194576 #1194581 #1194588
Cross-References:   CVE-2022-23033 CVE-2022-23034 CVE-2022-23035
CVSS scores:
                    CVE-2022-23033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-469=1

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-469=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64):
  xen-debugsource-4.12.4_18-3.58.2
  xen-devel-4.12.4_18-3.58.2

- SUSE Linux Enterprise Server 12-SP5 (x86_64):
  xen-4.12.4_18-3.58.2
  xen-debugsource-4.12.4_18-3.58.2
  xen-doc-html-4.12.4_18-3.58.2
  xen-libs-32bit-4.12.4_18-3.58.2
  xen-libs-4.12.4_18-3.58.2
  xen-libs-debuginfo-32bit-4.12.4_18-3.58.2
  xen-libs-debuginfo-4.12.4_18-3.58.2
  xen-tools-4.12.4_18-3.58.2
  xen-tools-debuginfo-4.12.4_18-3.58.2
  xen-tools-domU-4.12.4_18-3.58.2
  xen-tools-domU-debuginfo-4.12.4_18-3.58.2

References:

https://www.suse.com/security/cve/CVE-2022-23033.html
https://www.suse.com/security/cve/CVE-2022-23034.html
https://www.suse.com/security/cve/CVE-2022-23035.html
https://bugzilla.suse.com/1194576
https://bugzilla.suse.com/1194581
https://bugzilla.suse.com/1194588

Severity: Important. LinuxSecurity.com Team
Oracle Linux Security Advisory ELSA-2022-9141
https://linux.oracle.com/errata/ELSA-2022-9141.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.302.7.2.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.302.7.2.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.302.7.2.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.302.7.2.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.302.7.2.3.el8uek.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.302.7.2.3.el8uek.src.rpm

Related CVEs:
CVE-2022-0492

Description of changes:

[5.4.17-2136.302.7.2.3.el8uek]
- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832574] {CVE-2022-0492}

_______________________________________________
El-errata mailing list
openSUSE Security Update: Security update for icu.691
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:4063-1
Rating:             important
References:         #1158955 #1159131 #1161007 #1162882 #1167603 #1182252 #1182645 SLE-17893
Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that contains security fixes and contains one feature can now be installed.

Description:

This update for icu.691 fixes the following issues:

- Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893)
- Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder'
- Update to release 69.1
  * For Norwegian, "no" is back to being the canonical code, with "nb" treated as equivalent. This aligns handling of Norwegian with other macro language codes.
  * Binary prefixes in measurement units (KiB, MiB, etc.)
  * Time zone offsets from local time with new APIs.
- Don't disable testsuite under 'qemu-linux-user'
- Fixed an issue where the ICU test on 'aarch64' fails. (bsc#1182645)
- Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252)
- Fix 'pthread' dependency issue. (bsc#1182252)
- Update to release 68.2
  * Fix memory problem in 'FormattedStringBuilder'
  * Fix assertion when 'setKeywordValue' is called with a long value.
  * Fix UBSan breakage on 8bit of rbbi
  * Fix int32_t overflow in listFormat
  * Fix memory handling in MemoryPool::operator=()
  * Fix memory leak in AliasReplacer
- Add back icu.keyring.
- Update to release 68.1
  * PluralRules selection for ranges of numbers
  * Locale ID canonicalization now conforms to the CLDR spec including edge cases
  * DateIntervalFormat supports output options such as capitalization
  * Measurement units are normalized in skeleton string output
  * Time zone data (tzdata) version 2020d
- Add the provides for libicu so that .NET Core can install successfully. (bsc#1167603, bsc#1161007)
- Update to version 67.1
  * Unicode 13 (ICU-20893, same as in ICU 66)
    - Total of 5930 new characters
    - 4 new scripts
    - 55 new emoji characters, plus additional new sequences
    - New CJK extension, first characters in plane 3: U+30000..U+3134A
    - New language at Modern coverage: Nigerian Pidgin
    - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese
    - Region containment: EU no longer includes GB
    - Unicode 13 root collation data and Chinese data for collation and transliteration
  * DateTimePatternGenerator now obeys the "hc" preference in the locale identifier
  * Various other improvements for ECMA-402 conformance
  * Number skeletons have a new "concise" form that can be used in MessageFormat strings
  * Currency formatting options for formal and other currency display name variants
  * ListFormatter: new public API to select the style & type
  * ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew.
  * Locale ID canonicalization upgraded to implement the complete CLDR spec.
  * LocaleMatcher: New option to ignore one-way matches
  * acceptLanguage() reimplemented via LocaleMatcher
  * Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category
  * Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type, and added a few API overloads to reduce the need for reinterpret_cast.
  * Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
- Drop icu-versioning. (bsc#1159131)
- Update to version 66.1
  * Unicode 13 support
  * Fix uses of u8"literals" broken by C++20 introduction of incompatible char8_t type.
- Fixed an issue where Qt apps can't handle non-ASCII filesystem paths. (bsc#1162882)
- Remove '/usr/lib(64)/icu/current'. (bsc#1158955)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2021-4063=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  icu.691-69.1-7.3.2
  icu.691-debuginfo-69.1-7.3.2
  icu.691-debugsource-69.1-7.3.2
  icu.691-devel-69.1-7.3.2
  icu.691-doc-69.1-7.3.2
  libicu69-69.1-7.3.2
  libicu69-debuginfo-69.1-7.3.2

- openSUSE Leap 15.3 (noarch):
  libicu69-bedata-69.1-7.3.2
  libicu69-ledata-69.1-7.3.2

References:

https://bugzilla.suse.com/1158955
https://bugzilla.suse.com/1159131
https://bugzilla.suse.com/1161007
https://bugzilla.suse.com/1162882
https://bugzilla.suse.com/1167603
https://bugzilla.suse.com/1182252
https://bugzilla.suse.com/1182645

Severity: Important. LinuxSecurity.com Team
Oracle Linux Security Advisory ELSA-2021-9487
https://linux.oracle.com/errata/ELSA-2021-9487.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-container-5.4.17-2136.300.7.el8.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.300.7.el8.x86_64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/kernel-uek-container-5.4.17-2136.300.7.el8.src.rpm

Related CVEs:
CVE-2017-6074
CVE-2020-16119

Description of changes:

[5.4.17-2136.300.7.el8]
- KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick) [Orabug: 33446526]
- Revert "KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page" (Liam Merwick) [Orabug: 33450675]

[5.4.17-2136.300.6.el8]
- Revert "scsi: core: Cap scsi_host cmd_per_lun at can_queue" (Jack Vogel) [Orabug: 33441404]

[5.4.17-2136.300.5.el8]
- dccp: don't duplicate ccid when cloning dccp sock (Lin, Zhenpeng) [Orabug: 33408808] {CVE-2017-6074} {CVE-2020-16119}
- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33396355]
- uek-rpm: add ofb.ko and crypto_user.ko modules to nano kernel (Somasundaram Krishnasamy) [Orabug: 31895743]

[5.4.17-2136.300.4.el8]
- Reintroduce: certs: Add EFI_CERT_X509_GUID support for dbx entries (Konrad Rzeszutek Wilk) [Orabug: 33382994]
- bnxt_en: Update the driver version string (Jack Vogel) [Orabug: 33392416]

[5.4.17-2136.300.3.el8]
- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33379543]
- KVM: X86: MMU: Use the correct inherited permissions to get shadow page (Lai Jiangshan) [Orabug: 33359297] {CVE-2021-38198}
- KVM: x86: adjust SEV for commit 7e8e6eed75e (Paolo Bonzini) [Orabug: 33375655]
- net/mlx5: Implement Oracle-only solution for mlx device names (Mikhael Goikhman) [Orabug: 33247746]

[5.4.17-2136.300.2.el8]
- btrfs: fix NULL pointer dereference when deleting device by invalid id (Qu Wenruo) [Orabug: 33365609] {CVE-2021-3739}
- Revert "uek-rpm: mark /etc/ld.so.conf.d/ files as %config" (aloktiw) [Orabug: 33359669]
- bpf: provide BPF Type Format (BTF) info for kernel (Alan Maguire) [Orabug: 33331233]
- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Like Xu) [Orabug: 33194216]
- IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje) [Orabug: 33283556]
- IB/core: Shifting initialization of device->cache_lock (Anand Khoje) [Orabug: 33283556]
- IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (Anand Khoje) [Orabug: 33283556]
- IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje) [Orabug: 33283556]
- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33283556]
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 33106728]

[5.4.17-2136.300.1.el8]
- net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang) [Orabug: 33336805] {CVE-2021-3743}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33336785] {CVE-2021-40490}
- net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode (Vu Pham) [Orabug: 33291040]
- rds: ib: Set SEND_SIGNALED on the last WR posted (Håkon Bugge) [Orabug: 33331710]
- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33331640]
- usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu) [Orabug: 33329086] {CVE-2021-37159}
- hso: fix bailout in error case of probe (Oliver Neukum) [Orabug: 33329086] {CVE-2021-37159}
- uek-rpm: Set DEFAULTKERNEL in /etc/sysconfig/kernel correctly (Dave Kleikamp) [Orabug: 33219604]
- RDMA/mlx5: Fix crash when unbind multiport slave (Maor Gottlieb) [Orabug: 33303425]
- net/mlx5: Don't overwrite HCA capabilities when setting MSI-X count (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Implement sriov_get_vf_total_msix/count() callbacks (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Dynamically assign MSI-X vectors count (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Add dynamic MSI-X capabilities bits (Leon Romanovsky) [Orabug: 33220810]
- PCI/IOV: Add sysfs MSI-X vector assignment interface (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Check that driver was probed prior attaching the device (Leon Romanovsky) [Orabug: 33286656]

[5.4.17-2136.300.0.el8]
- misc/pvpanic: fix set driver data (Mihai Carabas) [Orabug: 33290806]
- btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33265208]
- vdpa/mlx5: fix feature negotiation across device reset (Si-Wei Liu) [Orabug: 33247045]
- net/mlx5: E-switch, When eswitch is unsupported, return -EOPNOTSUPP (Parav Pandit) [Orabug: 33241452]
- xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva) [Orabug: 33214673]
- net/mlx5: E-switch, Use eswitch total_vports (Parav Pandit) [Orabug: 33213269]
- net/mlx5: E-switch, Reuse total_vports and avoid duplicate nvports (Parav Pandit) [Orabug: 33213269]
- net/mlx5: E-switch, Consider maximum vf vports for steering init (Parav Pandit) [Orabug: 33213269]
- RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (Maor Gottlieb) [Orabug: 33303297]
- rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372378]
- KVM: X86: Micro-optimize IPI fastpath delay (Wanpeng Li) [Orabug: 33119431]
- net/mlx5_core: Restore driver version (Roy Novich) [Orabug: 33112151]
- RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size (Christoph Hellwig) [Orabug: 33107202]
- lib/scatterlist: Do not limit max_segment to PAGE_ALIGNED values (Jason Gunthorpe) [Orabug: 33107202]
- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246580]
- rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573]
- driver core: auxiliary bus: Fix memory leak when driver_register() fail (Peter Ujfalusi) [Orabug: 32461425]
- driver core: auxiliary bus: Remove unneeded module bits (Dave Jiang) [Orabug: 32461425]
- driver core: auxiliary bus: Fix calling stage for auxiliary bus init (Dave Jiang) [Orabug: 32461425]
- driver core: auxiliary bus: Fix auxiliary bus shutdown null auxdrv ptr (Dave Jiang) [Orabug: 32461425]
- bnxt_en: Use register window 6 instead of 5 to read the PHC (Michael Chan) [Orabug: 33181761]
- bnxt_en: Update firmware call to retrieve TX PTP timestamp (Michael Chan) [Orabug: 33181761]
- bnxt_en: Update firmware interface to 1.10.2.52 (Michael Chan) [Orabug: 33181761]

[5.4.17-2122.305.7.el8]
- ice: implement device flash update via devlink (Jacob Keller) [Orabug: 33236075]
- ice: add board identifier info to devlink .info_get (Jacob Keller) [Orabug: 33236075]
- ice: add basic handler for devlink .info_get (Jacob Keller) [Orabug: 33236075]
- ice: enable initial devlink support (Jacob Keller) [Orabug: 33236075]
- bitops: introduce the for_each_set_clump8 macro (William Breathitt Gray) [Orabug: 33236075]
- Add pldmfw library for PLDM firmware update (Jacob Keller) [Orabug: 33236075]
- devlink: expand the devlink-info documentation (Jakub Kicinski) [Orabug: 33236075]
- devlink: promote "fw.bundle_id" to a generic info version (Jacob Keller) [Orabug: 33236075]
- devlink: remove trigger command from devlink-region.rst (Jacob Keller) [Orabug: 33236075]
- devlink: add trap metadata type for cookie (Jiri Pirko) [Orabug: 33236075]
- devlink: add ACL generic packet traps (Jiri Pirko) [Orabug: 33236075]
- devlink: Force enclosing array on binary fmsg data (Aya Levin) [Orabug: 33236075]
- devlink: document devlink info versions reported by bnxt_en driver (Vasundhara Volam) [Orabug: 33236075]
- devlink: add macro for "fw.roce" (Vasundhara Volam) [Orabug: 33236075]
- devlink: Add health recover notifications on devlink flows (Moshe Shemesh) [Orabug: 33236075]
- devlink: Add overlay source MAC is multicast trap (Amit Cohen) [Orabug: 33236075]
- devlink: Add tunnel generic packet traps (Amit Cohen) [Orabug: 33236075]
- devlink: Add non-routable packet trap (Amit Cohen) [Orabug: 33236075]
- devlink: fix typos in qed documentation (Jacob Keller) [Orabug: 33236075]
- devlink: correct misspelling of snapshot (Jacob Keller) [Orabug: 33236075]
- devlink: document region snapshot triggering from userspace (Jacob Keller) [Orabug: 33236075]
- devlink: introduce devlink-dpipe.rst documentation file (Jacob Keller) [Orabug: 33236075]
- devlink: add a devlink-resource.rst documentation file (Jacob Keller) [Orabug: 33236075]
- devlink: rename and expand devlink-trap-netdevsim.rst (Jacob Keller) [Orabug: 33236075]
- devlink: add documentation for ionic device driver (Jacob Keller) [Orabug: 33236075]
- devlink: add a file documenting devlink regions (Jacob Keller) [Orabug: 33236075]
- devlink: add a driver-specific file for the qed driver (Jacob Keller) [Orabug: 33236075]
- devlink: add parameter documentation for the mlx4 driver (Jacob Keller) [Orabug: 33236075]
- devlink: document info versions for each driver (Jacob Keller) [Orabug: 33236075]
- devlink: convert driver-specific files to reStructuredText (Jacob Keller) [Orabug: 33236075]
- devlink: mention reloading in devlink-params.rst (Jacob Keller) [Orabug: 33236075]
- devlink: add documentation for generic devlink parameters (Jacob Keller) [Orabug: 33236075]
- devlink: convert devlink-params.txt to reStructuredText (Jacob Keller) [Orabug: 33236075]
- devlink: rename devlink-info-versions.rst and add a header (Jacob Keller) [Orabug: 33236075]
- devlink: convert devlink-health.txt to rst format (Jacob Keller) [Orabug: 33236075]
- devlink: move devlink documentation to subfolder (Jacob Keller) [Orabug: 33236075]
- devlink: add macro for "fw.psid" (Jacob Keller) [Orabug: 33236075]
- devlink: add devlink notification when reporter update health state (Vikas Gupta) [Orabug: 33236075]
- rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan
Maguire) [Orabug: 33243559] _______________________________________________ El-errata mailinglist
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:281-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.8.2.961
Container Release     : 8.2.961
Severity              : important
Type                  : security
References            : 1029961 1040589 1047218 1047218 1099521 1106014 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1173641 1175448 1175449 1178561 1178577 1178624 1178675 1182016 1182604 1184326 1184399 1184761 1184967 1184994 1184997 1185046 1185221 1185325 1185331 1185540 1185807 1185958 1186015 1186049 1186447 1186503 1186579 1186642 1186791 1187060 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-3580
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released:    Fri Jun 4 09:59:40 2021
Summary:     Recommended update for gcc10
Type:        recommended
Severity:    moderate
References:  1029961,1106014,1178577,1178624,1178675,1182016

This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1879-1
Released:    Tue Jun 8 09:16:09 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    important
References:  1184326,1184399,1184997,1185325

This update for libzypp, zypper fixes the following issues:

libzypp was updated to 17.26.0:

- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
  Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399)
  Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
  Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contains kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work with those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those.
- Introduce zypp-runpurge, a tool to run purge-kernels on testcases.

zypper was updated to 1.14.45:

- Fix service detection with cgroupv2 (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released:    Wed Jun 9 14:48:05 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed an exponential entity expansion attack that bypasses all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released:    Thu Jun 10 10:47:09 2021
Summary:     Recommended update for nghttp2
Type:        recommended
Severity:    moderate
References:  1186642

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1953-1
Released:    Thu Jun 10 16:18:50 2021
Summary:     Recommended update for gpg2
Type:        recommended
Severity:    moderate
References:  1161268,1172308

This update for gpg2 fixes the following issues:

- Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released:    Wed Jun 23 16:27:04 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1187060,CVE-2021-3580

This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released:    Thu Jun 24 15:40:14 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released:    Mon Jun 28 14:59:45 2021
Summary:     Recommended update for automake
Type:        recommended
Severity:    moderate
References:  1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Make generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2191-1
Released:    Mon Jun 28 18:38:13 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1186791

This update for patterns-microos provides the following fix:

- Add zypper-migration-plugin to the default pattern. (bsc#1186791)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released:    Tue Jun 29 09:41:39 2021
Summary:     Security update for lua53
Type:        security
Severity:    moderate
References:  1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released:    Wed Jun 30 09:17:41 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    important
References:  1187210

This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2229-1
Released:    Thu Jul 1 20:40:37 2021
Summary:     Recommended update for release packages
Type:        recommended
Severity:    moderate
References:  1099521,1185221

This update for the release packages provides the following fixes:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)
- Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. (bsc#1185221)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released:    Mon Jul 5 15:17:49 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400

This update for systemd fixes the following issues:

- cgroup: Parse infinity properly for memory protections. (bsc#1167471)
- cgroup: Make empty assignments reset to default. (bsc#1167471)
- cgroup: Support 0-value for memory protection directives. (bsc#1167471)
- core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
- bus-unit-util: Add proper 'MemorySwapMax' serialization.
- core: Accept MemorySwapMax= properties that are scaled.
- execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
- core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
- rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
- write_net_rules: Set execute bits. (bsc#1178561)
- udev: Rework network device renaming.
- Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- core: fix output (logging) for mount units (#7603) (bsc#1187400)
- udev requires systemd in its %post (bsc#1185958)
- cgroup: Parse infinity properly for memory protections (bsc#1167471)
- cgroup: Make empty assignments reset to default (bsc#1167471)
- cgroup: Support 0-value for memory protection directives (bsc#1167471)
- Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when the 'filesystem' package took over the initialization of the generic paths.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2249-1
Released:    Mon Jul 5 15:40:46 2021
Summary:     Optional update for gnutls
Type:        optional
Severity:    low
References:  1047218,1186579

This update for gnutls does not fix any user visible issues. It is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2273-1
Released:    Thu Jul 8 09:48:48 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1186447,1186503

This update for libzypp, zypper fixes the following issues:

- Enhance XML output of repo GPG options
  - Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -PIE (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)
- Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)
- Fix segv if 'ZYPP_FULLOG' is set.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released:    Wed Jul 14 17:01:06 2021
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234)
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released:    Tue Jul 20 14:21:30 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184994,1188063,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released:    Wed Jul 21 13:46:48 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

LinuxSecurity.com Team