Several security issues were fixed in the Linux kernel.

==========================================================================
Ubuntu Security Notice USN-7769-1
September 24, 2025

linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime,
linux-riscv, linux-riscv-6.14 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:

- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-realtime: Linux kernel for Real-time systems
- linux-riscv: Linux kernel for RISC-V systems
- linux-gcp-6.14: Linux kernel for Google Cloud Platform (GCP) systems
- linux-riscv-6.14: Linux kernel for RISC-V systems

Details:

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Bluetooth drivers;
- Bus devices;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- Arm Firmware Framework for ARMv8-A (FFA);
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- HW tracing;
- InfiniBand drivers;
- IOMMU subsystem;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVDIMM (Non-Volatile Memory Device) drivers;
- NVME drivers;
- NVMEM (NonVolatile Memory) drivers;
- PCI subsystem;
- Amlogic Meson DDR PMU;
- NI-700 PMU driver;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- PTP clock framework;
- SCSI subsystem;
- ASPEED SoC drivers;
- SPI subsystem;
- TCM subsystem;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- USB Gadget drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Port Controller Manager driver;
- VFIO drivers;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- Virtio drivers;
- BTRFS file system;
- EROFS file system;
- F2FS file system;
- File systems infrastructure;
- Network file systems library;
- NTFS3 file system;
- SMB network file system;
- Codetag library;
- BPF subsystem;
- LZO compression library;
- Mellanox drivers;
- IPv4 networking;
- Bluetooth subsystem;
- Network sockets;
- XFRM subsystem;
- Digital Audio (PCM) driver;
- Tracing infrastructure;
- io_uring subsystem;
- Padata parallel execution mechanism;
- DVFS energy model driver;
- Restartable sequences system call mechanism;
- Timer subsystem;
- Memory management;
- KASAN memory debugging framework;
- CAN network layer;
- Networking core;
- IPv6 networking;
- Netfilter;
- NetLabel subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- ALSA framework;
- sma1307 audio codecs;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;

(CVE-2025-38122, CVE-2025-38119, CVE-2025-38071, CVE-2025-38310, CVE-2025-38166, CVE-2025-38055, CVE-2025-38292, CVE-2025-38078, CVE-2025-38134, CVE-2025-38063, CVE-2025-38282, CVE-2025-38059, CVE-2025-38112, CVE-2025-38082, CVE-2025-38296, CVE-2025-38126, CVE-2025-38136, CVE-2025-38075, CVE-2025-38042, CVE-2025-38113, CVE-2025-38003, CVE-2025-38318, CVE-2025-38156, CVE-2025-38290, CVE-2025-38102, CVE-2025-38076, CVE-2025-38097, CVE-2025-38313, CVE-2025-38298, CVE-2025-38300, CVE-2025-38169, CVE-2025-38131, CVE-2025-38301, CVE-2025-38050, CVE-2025-38139, CVE-2025-38305, CVE-2025-38317, CVE-2025-38045, CVE-2025-38040, CVE-2025-38279, CVE-2025-38123, CVE-2025-38074, CVE-2025-38111, CVE-2025-38117, CVE-2025-38069, CVE-2025-38035, CVE-2025-38128, CVE-2025-38277, CVE-2025-38061, CVE-2025-38306, CVE-2025-38051, CVE-2025-38124, CVE-2025-38291, CVE-2025-38130, CVE-2025-38319, CVE-2025-38272, CVE-2025-38175, CVE-2025-38176, CVE-2025-38070, CVE-2025-38032, CVE-2025-38151, CVE-2025-38107, CVE-2025-38103, CVE-2025-38274, CVE-2025-38163, CVE-2025-38293, CVE-2025-38064, CVE-2025-38498, CVE-2025-38039, CVE-2025-38173, CVE-2025-38038, CVE-2025-38135, CVE-2025-38149, CVE-2025-38142, CVE-2025-38414, CVE-2025-38120, CVE-2025-38106, CVE-2025-38092, CVE-2025-38091, CVE-2025-38415, CVE-2025-38294, CVE-2025-38043, CVE-2025-38147, CVE-2025-38037, CVE-2025-38108, CVE-2025-38088, CVE-2025-38316, CVE-2025-38312, CVE-2025-38352, CVE-2025-38115, CVE-2025-38161, CVE-2025-38036, CVE-2025-38275, CVE-2025-38098, CVE-2025-38132, CVE-2025-38146, CVE-2025-38288, CVE-2025-38143, CVE-2025-38278, CVE-2025-38155, CVE-2025-38047, CVE-2025-38160, CVE-2025-38053, CVE-2025-38072, CVE-2025-38140, CVE-2025-38141, CVE-2025-38068, CVE-2025-38058,
CVE-2025-38062, CVE-2025-38303, CVE-2025-38164, CVE-2025-38101, CVE-2025-38145, CVE-2025-38105, CVE-2025-38295, CVE-2025-38284, CVE-2025-38137, CVE-2025-38073, CVE-2025-38269, CVE-2025-38118, CVE-2025-38165, CVE-2025-38162, CVE-2025-38170, CVE-2025-38114, CVE-2025-38066, CVE-2025-38116, CVE-2025-38315, CVE-2025-38153, CVE-2025-38031, CVE-2025-38041, CVE-2025-38168, CVE-2025-38499, CVE-2025-38048, CVE-2025-38158, CVE-2025-38060, CVE-2025-38299, CVE-2025-38286, CVE-2025-38125, CVE-2025-38297, CVE-2025-38270, CVE-2025-38044, CVE-2025-38080, CVE-2025-38096, CVE-2025-38314, CVE-2025-38307, CVE-2025-38174, CVE-2025-38267, CVE-2025-38304, CVE-2025-38057, CVE-2025-38065, CVE-2025-38311, CVE-2025-38302, CVE-2025-38138, CVE-2025-38033, CVE-2025-38079, CVE-2025-38280, CVE-2025-38109, CVE-2025-38287, CVE-2025-38159, CVE-2025-38289, CVE-2025-38283, CVE-2025-38081, CVE-2025-38172, CVE-2025-38148, CVE-2025-38285, CVE-2025-38034, CVE-2025-38154, CVE-2025-38077, CVE-2025-38054, CVE-2025-38029, CVE-2025-38127, CVE-2025-38281, CVE-2025-38100, CVE-2025-38129, CVE-2025-38004, CVE-2025-38099, CVE-2025-38157, CVE-2025-38067, CVE-2025-38265, CVE-2025-38052, CVE-2025-38110, CVE-2025-38268, CVE-2025-38167)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
  linux-image-6.14.0-1012-realtime    6.14.0-1012.12  Available with Ubuntu Pro
  linux-image-6.14.0-1013-aws         6.14.0-1013.13
  linux-image-6.14.0-1013-aws-64k     6.14.0-1013.13
  linux-image-6.14.0-1013-oracle      6.14.0-1013.13
  linux-image-6.14.0-1013-oracle-64k  6.14.0-1013.13
  linux-image-6.14.0-1016-gcp         6.14.0-1016.17
  linux-image-6.14.0-1016-gcp-64k     6.14.0-1016.17
  linux-image-6.14.0-32-generic       6.14.0-32.32
  linux-image-6.14.0-32-generic-64k   6.14.0-32.32
  linux-image-aws                     6.14.0-1013.13
  linux-image-aws-6.14                6.14.0-1013.13
  linux-image-aws-64k                 6.14.0-1013.13
  linux-image-aws-64k-6.14            6.14.0-1013.13
  linux-image-gcp                     6.14.0-1016.17
  linux-image-gcp-6.14                6.14.0-1016.17
  linux-image-gcp-64k                 6.14.0-1016.17
  linux-image-gcp-64k-6.14            6.14.0-1016.17
  linux-image-generic                 6.14.0-32.32.1
  linux-image-generic-6.14            6.14.0-32.32.1
  linux-image-generic-64k             6.14.0-32.32
  linux-image-generic-64k-6.14        6.14.0-32.32
  linux-image-oracle                  6.14.0-1013.13
  linux-image-oracle-6.14             6.14.0-1013.13
  linux-image-oracle-64k              6.14.0-1013.13
  linux-image-oracle-64k-6.14         6.14.0-1013.13
  linux-image-realtime                6.14.0-1012.12  Available with Ubuntu Pro
  linux-image-realtime-6.14           6.14.0-1012.12  Available with Ubuntu Pro
  linux-image-virtual                 6.14.0-32.32.1
  linux-image-virtual-6.14            6.14.0-32.32.1

Ubuntu 24.04 LTS
  linux-image-6.14.0-1016-gcp         6.14.0-1016.17~24.04.1
  linux-image-6.14.0-1016-gcp-64k     6.14.0-1016.17~24.04.1
  linux-image-6.14.0-32-generic       6.14.0-32.32.1~24.04.1
  linux-image-gcp                     6.14.0-1016.17~24.04.1
  linux-image-gcp-6.14                6.14.0-1016.17~24.04.1
  linux-image-gcp-64k                 6.14.0-1016.17~24.04.1
  linux-image-gcp-64k-6.14            6.14.0-1016.17~24.04.1
  linux-image-generic                 6.14.0-32.32.1~24.04.1
  linux-image-generic-6.14            6.14.0-32.32.1~24.04.1
  linux-image-virtual                 6.14.0-32.32.1~24.04.1
  linux-image-virtual-6.14            6.14.0-32.32.1~24.04.1

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-7769-1 CVE-2025-38003, CVE-2025-38004, CVE-2025-38029, CVE-2025-38031, CVE-2025-38032, CVE-2025-38033, CVE-2025-38034, CVE-2025-38035, CVE-2025-38036, CVE-2025-38037, CVE-2025-38038, CVE-2025-38039, CVE-2025-38040, CVE-2025-38041, CVE-2025-38042, CVE-2025-38043, CVE-2025-38044, CVE-2025-38045, CVE-2025-38047, CVE-2025-38048, CVE-2025-38050, CVE-2025-38051, CVE-2025-38052, CVE-2025-38053, CVE-2025-38054, CVE-2025-38055, CVE-2025-38057, CVE-2025-38058, CVE-2025-38059, CVE-2025-38060, CVE-2025-38061, CVE-2025-38062, CVE-2025-38063, CVE-2025-38064, CVE-2025-38065, CVE-2025-38066, CVE-2025-38067, CVE-2025-38068, CVE-2025-38069, CVE-2025-38070, CVE-2025-38071, CVE-2025-38072, CVE-2025-38073, CVE-2025-38074, CVE-2025-38075, CVE-2025-38076, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38080, CVE-2025-38081, CVE-2025-38082, CVE-2025-38088, CVE-2025-38091, CVE-2025-38092, CVE-2025-38096, CVE-2025-38097, CVE-2025-38098, CVE-2025-38099, CVE-2025-38100, CVE-2025-38101, CVE-2025-38102, CVE-2025-38103, CVE-2025-38105, CVE-2025-38106, CVE-2025-38107, CVE-2025-38108, CVE-2025-38109, CVE-2025-38110, CVE-2025-38111, CVE-2025-38112, CVE-2025-38113, CVE-2025-38114, CVE-2025-38115, CVE-2025-38116, CVE-2025-38117, CVE-2025-38118, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122, CVE-2025-38123, CVE-2025-38124, CVE-2025-38125, CVE-2025-38126, CVE-2025-38127, CVE-2025-38128, CVE-2025-38129, CVE-2025-38130, CVE-2025-38131, CVE-2025-38132, CVE-2025-38134, CVE-2025-38135, CVE-2025-38136, CVE-2025-38137, CVE-2025-38138, CVE-2025-38139, CVE-2025-38140, CVE-2025-38141, CVE-2025-38142, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38148, CVE-2025-38149, CVE-2025-38151, CVE-2025-38153, CVE-2025-38154, CVE-2025-38155, CVE-2025-38156, CVE-2025-38157, CVE-2025-38158, CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38162, CVE-2025-38163, CVE-2025-38164, CVE-2025-38165, CVE-2025-38166, CVE-2025-38167, 
CVE-2025-38168, CVE-2025-38169, CVE-2025-38170, CVE-2025-38172, CVE-2025-38173, CVE-2025-38174, CVE-2025-38175, CVE-2025-38176, CVE-2025-38265, CVE-2025-38267, CVE-2025-38268, CVE-2025-38269, CVE-2025-38270, CVE-2025-38272, CVE-2025-38274, CVE-2025-38275, CVE-2025-38277, CVE-2025-38278, CVE-2025-38279, CVE-2025-38280, CVE-2025-38281, CVE-2025-38282, CVE-2025-38283, CVE-2025-38284, CVE-2025-38285, CVE-2025-38286, CVE-2025-38287, CVE-2025-38288, CVE-2025-38289, CVE-2025-38290, CVE-2025-38291, CVE-2025-38292, CVE-2025-38293, CVE-2025-38294, CVE-2025-38295, CVE-2025-38296, CVE-2025-38297, CVE-2025-38298, CVE-2025-38299, CVE-2025-38300, CVE-2025-38301, CVE-2025-38302, CVE-2025-38303, CVE-2025-38304, CVE-2025-38305, CVE-2025-38306, CVE-2025-38307, CVE-2025-38310, CVE-2025-38311, CVE-2025-38312, CVE-2025-38313, CVE-2025-38314, CVE-2025-38315, CVE-2025-38316, CVE-2025-38317, CVE-2025-38318, CVE-2025-38319, CVE-2025-38352, CVE-2025-38414, CVE-2025-38415, CVE-2025-38498, CVE-2025-38499

Package Information:
  https://launchpad.net/ubuntu/+source/linux-gcp/6.14.0-1016.17
  https://launchpad.net/ubuntu/+source/linux-riscv/6.14.0-32.32.1
  https://launchpad.net/ubuntu/+source/linux-riscv-6.14/6.14.0-32.32.1~24.04.1

Severity: Critical
LinuxSecurity.com Team

The container suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2 was updated. The following patches have been included in this update:

SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:731-1
Image Tags        : suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2:20231013
Image Release     :
Severity          : important
Type              : security
References        : 1023051 1120059 1152472 1157881 1177719 1181477 1188885 1193629 1194869 1196933 1200710 1201066 1202845 1203329 1203330 1204942 1205462 1205533 1206402 1206453 1206453 1206608 1207543 1207598 1208902 1208928 1208949 1209233 1209284 1209799 1209859 1209979 1210015 1210048 1210448 1210950 1211078 1211220 1211598 1211599 1211829 1212091 1212142 1212423 1212475 1212475 1212526 1212594 1212819 1212857 1212873 1212910 1212957 1213026 1213123 1213127 1213428 1213546 1213580 1213601 1213666 1213733 1213757 1213759 1213808 1213822 1213854 1213916 1213921 1213927 1213946 1213949 1213968 1213970 1213971 1214000 1214019 1214052 1214073 1214120 1214149 1214180 1214233 1214238 1214285 1214292 1214297 1214299 1214305 1214350 1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393 1214395 1214397 1214404 1214428 1214451 1214458 1214535 1214635 1214659 1214661 1214692 1214727 1214729 1214742 1214743 1214756 1214768 1214806 1214928 1214942 1214943 1214944 1214950 1214951 1214954 1214957 1214976 1214986 1214988 1214992 1214993 1215007 1215026 1215064 1215145 1215322 1215472 1215474 1215522 1215523 1215552 1215553 1215578 1215596 1215713 1215744 1215746 1215747 1215748 1215877 1215888 1215889 1215894 1215895 1215896 1215904 1215905 1215906 1215907 1215908 1215911 1215915 1215916 CVE-2022-38457 CVE-2022-40133 CVE-2022-45154 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-20588 CVE-2023-2177 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-3341 CVE-2023-34319 CVE-2023-34322 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-3961 CVE-2023-39615 CVE-2023-40217 CVE-2023-40283 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194 CVE-2023-42669 CVE-2023-42670 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-4387 CVE-2023-4389 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-4622 CVE-2023-4623 CVE-2023-4641 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3663-1
Released: Mon Sep 18 21:49:09 2023
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: important
References: 1215064

This update for perl-Bootloader fixes the following issues:

- bootloader_entry script can have an optional 'force-default' argument (bsc#1215064)
- skip warning about unsupported options when in compat mode

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3666-1
Released: Mon Sep 18 21:52:18 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3717-1
Released: Thu Sep 21 06:51:51 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1214458

This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3780-1
Released: Tue Sep 26 10:58:21 2023
Summary: Recommended update hidapi
Type: recommended
Severity: moderate
References: 1214535

This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3817-1
Released: Wed Sep 27 18:31:14 2023
Summary: Security update for containerd
Type: security
Severity: important
References: 1212475

This update of containerd fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3821-1
Released: Wed Sep 27 18:38:33 2023
Summary: Security update for bind
Type: security
Severity: important
References: 1215472,CVE-2023-3341

This update for bind fixes the following issues:

Update to release 9.16.44:

- CVE-2023-3341: Fixed stack exhaustion flaw in control channel code that may cause named to terminate unexpectedly (bsc#1215472).

Update to release 9.16.43

* Processing already-queued queries received over TCP could cause an assertion failure, when the server was reconfigured at the same time or the cache was being flushed. This has been fixed.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3822-1
Released: Wed Sep 27 18:40:14 2023
Summary: Security update for supportutils
Type: security
Severity: moderate
References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154

This update for supportutils fixes the following issues:

Security fixes:

- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).

Other Fixes:

- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot, amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info
- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released: Wed Sep 27 19:07:38 2023
Summary: Security update for python3
Type: security
Severity: important
References: 1214692,CVE-2023-40217

This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3831-1
Released: Wed Sep 27 19:15:23 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1215145,1215474,CVE-2023-20588,CVE-2023-34322

This update for xen fixes the following issues:

- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3843-1
Released: Wed Sep 27 20:18:06 2023
Summary: Recommended update for suse-build-key
Type: recommended
Severity: important
References:

This update for suse-build-key fixes the following issues:

This update adds and runs an import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777)

It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
To manually import them you can also run:

  # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
  # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3951-1
Released: Tue Oct 3 19:37:46 2023
Summary: Recommended update for python3-jmespath, python3-ply
Type: recommended
Severity: moderate
References: 1209233

This update for python3-jmespath and python3-ply fixes the following issue:

- the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3952-1
Released: Tue Oct 3 20:06:23 2023
Summary: Security update for runc
Type: security
Severity: important
References: 1212475

This update of runc fixes the following issues:

- Update to runc v1.1.8. Upstream changelog is available from .
- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3970-1
Released: Wed Oct 4 14:17:12 2023
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1215578

This update for dracut fixes the following issues:

- Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3971-1
Released: Wed Oct 4 14:36:01 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1120059,1177719,1188885,1193629,1194869,1203329,1203330,1205462,1206453,1208902,1208949,1209284,1209799,1210048,1210448,1211220,1212091,1212142,1212423,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213733,1213757,1213759,1213916,1213921,1213927,1213946,1213949,1213968,1213970,1213971,1214000,1214019,1214073,1214120,1214149,1214180,1214233,1214238,1214285,1214297,1214299,1214305,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214404,1214428,1214451,1214635,1214659,1214661,1214727,1214729,1214742,1214743,1214756,1214976,1215522,1215523,1215552,1215553,CVE-2022-38457,CVE-2022-40133,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-40283,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4563,CVE-2023-4569

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).

The following non-security bugs were fixed:

- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Created new preempt kernel flavor
  Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes)
- Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes).
- SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK 64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Type: recommended
Severity: low
References:

This update for rpm fixes the following issue:
- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

The following package changes have been done:
- apparmor-abstractions-3.0.4-150500.11.9.1 updated
- apparmor-parser-3.0.4-150500.11.9.1 updated
- bind-utils-9.16.44-150500.8.12.2 updated
- containerd-ctr-1.6.21-150000.95.1 updated
- containerd-1.6.21-150000.95.1 updated
- curl-8.0.1-150400.5.32.1 updated
- dracut-055+suse.371.g5237e44a-150500.3.12.1 updated
- glibc-locale-base-2.31-150300.58.1 updated
- glibc-locale-2.31-150300.58.1 updated
- glibc-2.31-150300.58.1 updated
- kernel-default-5.14.21-150500.55.31.1 updated
- libapparmor1-3.0.4-150500.11.9.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libhidapi-hidraw0-0.10.1-150300.3.2.1 updated
- libnghttp2-14-1.40.0-150200.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.10.3-150500.5.8.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- nfs-client-2.1.1-150500.22.3.1 updated
- perl-Bootloader-0.945-150400.3.9.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- python3-bind-9.16.44-150500.8.12.2 updated
- python3-ply-3.10-150000.3.5.1 updated
- python3-3.6.15-150300.10.51.1 updated
- rpm-ndb-4.14.3-150400.59.3.1 updated
- runc-1.1.8-150000.49.1 updated
- samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- supportutils-3.1.26-150300.7.35.21.1 updated
- suse-build-key-12.0-150000.8.34.1 updated
- suse-module-tools-15.5.2-150500.3.3.1 updated
- xen-libs-4.17.2_06-150500.3.12.1 updated
- zypper-1.14.64-150400.3.32.1 updated
- sysfsutils-2.1.0-3.3.1 removed
The SUSE Container Update Advisory outlines essential updates and security enhancements for the container suse-sles-15-sp5-chost-byos-v20231020. Severity: Important. LinuxSecurity.com Team
An update that solves 5 vulnerabilities and has 15 fixes is now available.

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2407-1
Rating: important
References: #1065729 #1085224 #1094840 #1153720 #1170511 #1183871 #1184114 #1185032 #1185308 #1185791 #1185995 #1187050 #1187215 #1187585 #1187934 #1188010 #1188062 #1188116 #1188273 #1188274
Cross-References: CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 CVE-2021-3609 CVE-2021-3612
CVSS scores:
CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products: SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
- CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bnc#1188116)
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows obtaining full root privileges (bsc#1188062).
- CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation (bsc#1187215).
- CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allow a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585)
- CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation (bsc#1187050).

The following non-security bugs were fixed:
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode (git-fixes).
- arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes).
- can: flexcan: disable completely the ECC mechanism (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes).
- can: xilinx_can: xcan_chip_start(): fix failure with invalid bus (git-fixes).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes).
- crypto: cavium/nitrox - Fix an error rhandling path in 'nitrox_probe()' (git-fixes).
- crypto: ccp - Fix a resource leak in an error handling path (12sp5).
- cxgb4: fix wrong shift (git-fixes).
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
- fuse: check connected before queueing on fpq->io (bsc#1188273).
- fuse: reject internal errno (bsc#1188274).
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- gve: Fix swapped vars when fetching max queues (git-fixes).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237).
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes).
- iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
- Input: usbtouchscreen - fix control-request directions (git-fixes).
- leds: ktd2692: Fix an error handling path (git-fixes).
- leds: trigger: fix potential deadlock with libata (git-fixes).
- lib/decompressors: remove set but not used variabled 'level' (git-fixes).
- lpfc: Decouple port_template and vport_template (bsc#1185032).
- mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes).
- mac80211: remove warning in ieee80211_get_sband() (git-fixes).
- media: dtv5100: fix control-request directions (git-fixes).
- media: dvb-usb: fix wrong definition (git-fixes).
- media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
- media: gspca/gl860: fix zero-length control requests (git-fixes).
- media: gspca/sq905: fix control-request direction (git-fixes).
- media: gspca/sunplus: fix zero-length control requests (git-fixes).
- media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
- media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes).
- media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes).
- media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
- memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes).
- mlxsw: spectrum: Do not process learned records with a dummy FID (git-fixes).
- mmc: block: Disable CMDQ on the ioctl path (git-fixes).
- mmc: core: clear flags before allowing to retune (git-fixes).
- mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
- mmc: vub3000: fix control-request direction (git-fixes).
- mwifiex: re-fix for unaligned accesses (git-fixes).
- net: caif: Fix debugfs on 64-bit platforms (git-fixes).
- net: dsa: qca8k: Use up to 7 ports for all operations (git-fixes).
- net: stmmac: Correctly take timestamp for PTPv2 (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
- netsec: restore phy power state after controller reset (git-fixes).
- nvme: verify MNAN value if ANA is enabled (bsc#1185791).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- reset: a10sr: add missing of_match_table reference (git-fixes).
- reset: bail if try_module_get() fails (git-fixes).
- reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes).
- Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" (git-fixes).
- Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729).
- Revert "PCI: PM: Do not read powerstate in pci_enable_device_flags()" (git-fixes).
- Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes).
- sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes)
- sched/fair: Do not assign runtime for throttled cfs_rq (git-fixes)
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- sched/numa: Fix a possible divide-by-zero (git-fixes)
- scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (bsc#1185995).
- scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010).
- serial: mvebu-uart: clarify the baud rate derivation (git-fixes).
- serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes).
- serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- spi: tegra114: Fix an error message (git-fixes).
- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function (git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes).
- usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes).
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
- wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
- x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2407=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-azure-4.12.14-16.65.1
      kernel-source-azure-4.12.14-16.65.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-azure-4.12.14-16.65.1
      kernel-azure-base-4.12.14-16.65.1
      kernel-azure-base-debuginfo-4.12.14-16.65.1
      kernel-azure-debuginfo-4.12.14-16.65.1
      kernel-azure-debugsource-4.12.14-16.65.1
      kernel-azure-devel-4.12.14-16.65.1
      kernel-syms-azure-4.12.14-16.65.1

References:

   https://www.suse.com/security/cve/CVE-2020-36385.html
   https://www.suse.com/security/cve/CVE-2021-22555.html
   https://www.suse.com/security/cve/CVE-2021-33909.html
   https://www.suse.com/security/cve/CVE-2021-3609.html
   https://www.suse.com/security/cve/CVE-2021-3612.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1153720
   https://bugzilla.suse.com/1170511
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1185032
   https://bugzilla.suse.com/1185308
   https://bugzilla.suse.com/1185791
   https://bugzilla.suse.com/1185995
   https://bugzilla.suse.com/1187050
   https://bugzilla.suse.com/1187215
   https://bugzilla.suse.com/1187585
   https://bugzilla.suse.com/1187934
   https://bugzilla.suse.com/1188010
   https://bugzilla.suse.com/1188062
   https://bugzilla.suse.com/1188116
   https://bugzilla.suse.com/1188273
   https://bugzilla.suse.com/1188274

Fedora OS Kernel Patch Release: Essential remedies for multiple vulnerabilities have been deployed. A system restart is advised after the update. SUSE Linux Kernel Fixes, Security Update Announcement, Privilege Escalation Mitigation. Severity: Important. LinuxSecurity.com Team
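The following shell check is an added example, not part of the SUSE advisory: it compares `rpm` query output against the fixed build 4.12.14-16.65.1 from the SUSE-SU-2021:2407-1 package list and, because the update only takes effect after the reboot the advisory asks for, checks the running kernel string as well. The `uname -r` format and the sample package lines are assumptions.

```shell
#!/bin/sh
# Fixed build from the advisory's package list (kernel-azure, SLES 12-SP5).
FIXED_EVR="4.12.14-16.65.1"

# ver_ge A B: succeed when version A >= B. Uses GNU `sort -V`, which agrees
# with RPM ordering for plain dotted-numeric strings like these; it is an
# approximation of rpmvercmp, not a full implementation.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version-release" lines on stdin, as produced by
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' kernel-azure kernel-azure-base
# and prints every package that is still below the fixed build.
unpatched_packages() {
    while read -r name evr; do
        [ -n "$name" ] || continue
        ver_ge "$evr" "$FIXED_EVR" || printf '%s %s\n' "$name" "$evr"
    done
}

# running_kernel_fixed UNAME_R: the installed package can be fixed while the
# booted kernel is still the old one. Assumes the `uname -r` form
# "<version>-<release without rebuild counter>-azure", e.g. 4.12.14-16.65-azure.
running_kernel_fixed() {
    running=${1%-azure}
    ver_ge "$running" "${FIXED_EVR%.*}"
}

# Constructed sample input (not real host output): one stale package, one fixed.
printf '%s\n' 'kernel-azure 4.12.14-16.62.1' 'kernel-syms-azure 4.12.14-16.65.1' |
    unpatched_packages

# Constructed running-kernel string for a host that has not rebooted yet.
if running_kernel_fixed "4.12.14-16.62-azure"; then
    echo "running kernel: fixed"
else
    echo "running kernel: reboot into the updated kernel"
fi
```

On a real host, feed `unpatched_packages` from the `rpm -q` command shown in its comment and pass `"$(uname -r)"` to `running_kernel_fixed`.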