
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 9 articles for you...

SUSE: Multi-Linux Manager 4.3 Moderate Security Advisory 2025:4479-1

An update that solves six vulnerabilities and contains one feature can now be installed.

# Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

Announcement ID: SUSE-SU-2025:4479-1

Release Date: 2025-12-18T12:15:07Z

Rating: moderate

References:

* bsc#1237060
* bsc#1241455
* bsc#1250911
* bsc#1251864
* bsc#1253024
* jsc#MSQA-1039

Cross-References:

* CVE-2025-11065
* CVE-2025-47911
* CVE-2025-58190
* CVE-2025-62348
* CVE-2025-62349
* CVE-2025-64751

CVSS scores:

* CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-62348 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62349 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-64751 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2025-64751 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-64751 ( NVD ): 5.8 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

## Recommended update 4.3.16.2 Unscheduled for Multi-Linux Manager Proxy and Retail Branch Server LTS

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

* Update to SUSE Manager 4.3.16.2

## Security update 4.3.16.2 for Multi-Linux Manager Server LTS

### Description:

This update fixes the following issues:

release-notes-susemanager:

* Update to SUSE Manager 4.3.16.2
* SUSE Linux Enterprise Server 15 SP6 LTSS channels enabled
* CVEs Fixed: CVE-2025-11065, CVE-2025-64751, CVE-2025-47911, CVE-2025-58190, CVE-2025-62349, CVE-2025-62348
* Bugs mentioned: bsc#1237060, bsc#1241455, bsc#1250911, bsc#1251864, bsc#1253024

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3 LTS
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4479=1`
* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2025-4479=1`
* SUSE Manager Proxy 4.3 LTS
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4479=1`
* SUSE Manager Retail Branch Server 4.3 LTS
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-4479=1`

## Package List:

* SUSE Manager Server 4.3 LTS (noarch)
  * release-notes-susemanager-4.3.16.2-150400.3.148.1
* openSUSE Leap 15.4 (noarch)
  * release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2
  * release-notes-susemanager-4.3.16.2-150400.3.148.1
* SUSE Manager Proxy 4.3 LTS (noarch)
  * release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2
* SUSE Manager Retail Branch Server 4.3 LTS (noarch)
  * release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2

## References:

* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2025-62348.html
* https://www.suse.com/security/cve/CVE-2025-62349.html
* https://www.suse.com/security/cve/CVE-2025-64751.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237060
* https://bugzilla.suse.com/show_bug.cgi?id=1241455
* https://bugzilla.suse.com/show_bug.cgi?id=1250911
* https://bugzilla.suse.com/show_bug.cgi?id=1251864
* https://bugzilla.suse.com/show_bug.cgi?id=1253024
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=https%3A%2F%2Fjira.suse.com%2Fbrowse%2FMSQA-1039

Update for Multi-Linux Manager 4.3 fixes six flaws and adds a feature. Recommended due to moderate severity concerns.

Multi-Linux Manager, SUSE update, security advisory, maintenance patch.

LinuxSecurity.com Team

Dec 18, 2025 SuSE

Fedora 43: python3-docs Update 2025-e235793f10 - Maintenance Release

This is the second maintenance release of Python 3.14.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e235793f10
2025-12-10 01:33:03.602028+00:00
--------------------------------------------------------------------------------

Name        : python3-docs
Product     : Fedora 43
Version     : 3.14.2
Release     : 1.fc43
URL         : https://www.python.org/
Summary     : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3 programming language and interpreter.

--------------------------------------------------------------------------------
Update Information:

This is the second maintenance release of Python 3.14
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 5 2025 Miro Hrončok - 3.14.2-1
- Update to Python 3.14.2
* Wed Dec 3 2025 Karolina Surma - 3.14.1-1
- Update to Python 3.14.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2393850 - kicad crashes during python runtime initialization
        https://bugzilla.redhat.com/show_bug.cgi?id=2393850
  [ 2 ] Bug #2413058 - CVE-2025-6075 python3.14: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2413058
  [ 3 ] Bug #2414940 - argparse colorize fails if a tty is not available, like in mod_wsgi
        https://bugzilla.redhat.com/show_bug.cgi?id=2414940
  [ 4 ] Bug #2416523 - Python 3.14 Stack overflow check very very broken
        https://bugzilla.redhat.com/show_bug.cgi?id=2416523
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e235793f10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Python 3.14.2 documentation update for Fedora 43 includes maintenance fixes and is essential for developers.

Fedora 43, Python 3.14, software documentation, maintenance release.

Severity: Informational.

LinuxSecurity.com Team

Dec 10, 2025 Informational Fedora

SUSE Multi-Linux Manager 4.3 Important Update for CVE-2025-23392, DoS

* bsc#1157520 * bsc#1191142 * bsc#1209060 * bsc#1211373 * bsc#1213952 . # Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2025:02475-1 Release Date: 2025-07-23T12:36:59Z Rating: critical References: * bsc#1157520 * bsc#1191142 * bsc#1209060 * bsc#1211373 * bsc#1213952 * bsc#1216187 * bsc#1221031 * bsc#1225740 * bsc#1230403 * bsc#1230908 * bsc#1233371 * bsc#1234608 * bsc#1236601 * bsc#1236635 * bsc#1236779 * bsc#1236810 * bsc#1236877 * bsc#1236910 * bsc#1237060 * bsc#1237082 * bsc#1237294 * bsc#1237403 * bsc#1237581 * bsc#1237694 * bsc#1237770 * bsc#1238922 * bsc#1238924 * bsc#1239102 * bsc#1239154 * bsc#1239604 * bsc#1239743 * bsc#1239826 * bsc#1239868 * bsc#1239907 * bsc#1240038 * bsc#1240386 * bsc#1240666 * bsc#1240842 * bsc#1241239 * bsc#1241286 * bsc#1241455 * bsc#1241490 * bsc#1242004 * bsc#1242030 * bsc#1242148 * bsc#1242554 * bsc#1242911 * bsc#1243239 * bsc#1243460 * bsc#1243724 * bsc#1243825 * bsc#1244065 * bsc#1244290 * bsc#1245005 * bsc#1245027 * bsc#1245222 * bsc#1245368 * bsc#1246119 * bsc#1246788 * jsc#MSQA-993 * jsc#PED-12321 Cross-References: * CVE-2025-23392 * CVE-2025-23393 * CVE-2025-46809 * CVE-2025-46811 CVSS scores: * CVE-2025-23392 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-23392 ( SUSE ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-23392 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23392 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-23393 ( SUSE ): 5.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2025-23393 ( SUSE ): 6.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L * CVE-2025-23393 ( NVD): 5.7 
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23393 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-46809 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-46809 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2025-46811 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-46811 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux EnterpriseServer 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux 
Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module An update that solves four vulnerabilities, contains two features and has 55 security fixes can now be installed. ## Security update 4.3.16 for Multi-Linux Manager Proxy and Retail Branch Server ### Description: This update fixes the following issues: mgr-daemon: * Version 4.3.12-0: * Updated translation strings proxy-helm: * Version 4.3.17: * Chart rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-httpd-image: * Version 4.3.18: * Image rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-salt-broker-image: * Version 4.3.18: * Image rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-squid-image: * Version 4.3.18: * Image rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-ssh-image: * Version 4.3.18: * Image rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-tftpd-image: * Version 4.3.18: * Image rebuilt to the newest version with updateddependencies for SUSE Manager 4.3.16 spacecmd: * Version 4.3.31-0: * Improved translation update process spacewalk-backend: * 
version 4.3.33-0 * Security issues fixed: * CVE-2025-46809: Do not expose HTTP Proxy password when breaking URL format (bsc#1245005) * Other bugs fixed: * Enhance permissions for reposync zypper cache * Version 4.3.32-0: * Removed python3-simplejson use in spacewalk-repo-sync (bsc#1236635) * Improved translation update process * Make reposync allow commas as part of HTTP Proxy password (bsc#1243460) * Removed bootloader linux and initrd files from spacewalk-debug * Use libzypp's Curl2 backend during reposync (bsc#1245222) spacewalk-client-tools: * Version 4.3.23-0: * Improved translation update process spacewalk-proxy-installer: * Version 4.3.12-0: * Fixed configure-proxy not updating squid size correctly after switch to aufs backend spacewalk-web: * Version 4.3.45-0: * Security issues fixed: * CVE-2025-23392, CVE-2025-23393: Filter user input in systems list page (bsc#1239826, bsc#1240386) * Other bugs fixed: * Fix: Filters of type Product Temporary Fix cannot be created (bsc#1238922) * Better handling of system list filtering (bsc#1242004) * Improve translation update process supportutils-plugin-susemanager-client, supportutils-plugin-susemanager-proxy: * Version 4.3.5-0: * Backported supportutils plugin resource functions, replacing the removed supportutils scplugin.rc functions with those provided by supportconfig.rc susemanager-build-keys: * Changed keys to use SHA256 UIDs instead of SHA1 (bsc#1237294, bsc#1236779, jsc#PED-12321) * Renamed `build-alp-09d9ea69-645b99ce.asc` to `build-alp-09d9ea69.asc` * Renamed `gpg-pubkey-3fa1d6ce-63c9481c.asc` to `gpg-pubkey-3fa1d6ce.asc` * Adjusted `suse_ptf_key_2023.asc` and `suse_ptf_key.asc` susemanager-tftpsync-recv: * Version 4.3.10-0: * Fixed possible errors replacing IP addresses and FQDNs for proxies on PXE and Grub files(bsc#1236601) uyuni-proxy-systemd-services: * Version 4.3.16-0: * Updated to SUSE Manager 4.3.16 How to apply this update: 1. 
Log in as root user to the SUSE Multi-Linux Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Security update 4.3.16 for Multi-Linux Manager Server ### Description: This update fixes the following issues: cobbler: * Prevent crash during Cobbler startup on NFS environments (bsc#1240666) * Synchronize cobbler add and sync actions (bsc#1233371) * Exclude disabled profiles from buildiso gen (bsc#1230908) grafana-formula: * Version 4.3.0: * Added SUSE Linux Enterprise Server 15 SP7 to the supported versions (bsc#1245368) * Dropped old unsupported SUSE versions from the supported versions list * Migrated from deprecated Graph panels to new timeseries panels inter-server-sync: * Version 0.3.7-0: * Added SSL signed export and import validation (bsc#1241239) * Version 0.3.6-0: * Included /var/log/hub (bsc#1243724) spacecmd: * Version 4.3.31-0: * Improved translation update process spacewalk-admin: * Version 4.3.33-0 * Security issues fixed: * CVE-2025-46809: Do not expose HTTP Proxy password when breaking URL format (bsc#1245005) * Other bugs fixed: * Enhance permissions for reposync zypper cache * Version 4.3.14-0: * Added support for environment variables in rhn-config-satellite (bsc#1242148) * mgr-monitoring-ctl: avoid possible errors due to non-ascii characters (bsc#1242030) spacewalk-backend: * Version 4.3.32-0 * Removed python3-simplejson use in spacewalk-repo-sync (bsc#1236635) * Improved translation update process * Make reposync allow commas as part of HTTP Proxy password (bsc#1243460) * Removed bootloader linux and initrd files from spacewalk-debug * Use libzypp's Curl2 backend during reposync(bsc#1245222) spacewalk-client-tools: * Version 4.3.23-0 * Improved translation update process spacewalk-config: * Version 4.3.16-0 * Allow passing environment variables to rhn-config-satellite (bsc#1242148) 
spacewalk-java: * Version 4.3.87-0 * Security issues fixed: * CVE-2025-46811: Clean up stale sessions on websocket open (bsc#1246119) * Version 4.3.86-0: * Security issues fixed: * CVE-2025-23393: Filter user input in systems list page (bsc#1240386) * Other bugs fixed: * Fixed tooltip text for icons in the patches list (bsc#1234608) * Fixed openscap audit is running immediately even when scheduled for next days (bsc#1239743) * Adds calling a highstate in the API for actionchain (bsc#1157520) * Fixed behavior of `reboot_suggested` or `restart_suggested` by API (bsc#1236910) * Fixed action chain scheduled within SSM creates no link for the new action chain (bsc#1243825) * Fixed severity levels missing in API output of errata.getDetails (bsc#1240038) * Fixed internal server error when accessing groups in activation keys (bsc#1237581) * Fixed http_proxy_password stored as clear text in /var/log/messages (bsc#1242148) * Fixed `manage errors` in user-defined pillars (bsc#1230403) * In CLM live-patching template form, show kernel versions from base product as well (bsc#1239907) * Improved handling of system list filtering (bsc#1242004) * Fixed issue preventing OES products from showing up (bsc#1237082) * Fixed config channels not following priority in highstate (bsc#1237694) * Improved performance when changing channels on multiple system through SSM (bsc#1239154) * Fixed package locking for packages not available anymore in the assigned repositories (bsc#1236877) * Do not show Vendor Advisory link for SL-Micro 6.0 and 6.1 products (bsc#1237770) * Fixed API namespace for AdminPaygHandler * Fixed CLM channel name definition (bsc#1239868) * Fixed XMLRPC API endpoint updateRepoSsl repository property * FixedAPI documentation for system config listFiles (bsc#1245027) * Fixed inconsistency in task schedule deactivation and add activation capability (bsc#1225740) spacewalk-utils: * Version 4.3.24-0: * Removed spacewalk-clone-by-date dependency on python3-simplejson 
spacewalk-web: * Version 4.3.45-0: * Security issues fixed: * CVE-2025-23392, CVE-2025-23393: Filter user input in systems list page (bsc#1239826, bsc#1240386) * Other bugs fixed: * Fix: Filters of type Product Temporary Fix cannot be created (bsc#1238922) * Improved handling of system list filtering (bsc#1242004) * Improved translation update process subscription-matcher: * Version 0.40: * Fixed integer overflow which can cause a division by zero error (bsc#1243239) * Version 0.39: * Fixed the wrong matching for 2 Sockets or 2 VMs subscription string (bsc#1238924) * Fixed logging issues * Updated runtime dependencies supportutils-plugin-susemanager: * Version 4.3.15-0: * Backported supportutils plugin resource functions, replacing the removed supportutils `scplugin.rc` functions with those provided by `supportconfig.rc` susemanager: * Version 4.3.42-0: * Fixed bootstrap repository definition for SLE 15 SP7 and support only bootstrapping with salt-bundle (bsc#1246788) * Version 4.3.41-0: * Improved translation update process susemanager-build-keys: * Changed keys to use SHA256 UIDs instead of SHA1 (bsc#1237294, bsc#1236779, jsc#PED-12321) * Renamed `build-alp-09d9ea69-645b99ce.asc` to `build-alp-09d9ea69.asc` * Renamed `gpg-pubkey-3fa1d6ce-63c9481c.asc` to `gpg-pubkey-3fa1d6ce.asc` * Adjusted `suse_ptf_key_2023.asc` and `suse_ptf_key.asc` susemanager-docs_en: * SUSE Manager 4.3.16 Update * Added information about missing monitoring package to Administration Guide (bsc#1191142) * Added missing script parameters in Installation and Upgrade Guide (bsc#1216187) * Added reference to the list of supported SCAP profiles (bsc#1213952) * Extendedinformation in an admonition in Specialized Guides (bsc#1221031) * Added missing 4505 and 4506 Salt ports in network requirements in Installation and Upgrade Guide * Removed references to the methods no longer used from Reference Guide (bsc#1209060) * Fixed Python script in Administration Guide (bsc#1244290) * Extended 
troubleshooting section with a reposync example (bsc#1211373) * Added section about enabling SUSE Manager 4.3 LTS in Installation and Upgrade Guide * Added missing Task Schedules to the list and updated the Task Schedule page to reflect changes—now only allowing disabling of tasks, not deletion in the Administration Guide * Added SUSE Linux Enterprise 15 SP7 as a supported client * Fixed asciidoc menu macro issue with duplicate css class, menu items now display correctly * Added note about autoyast profiles not having passwords * Added details about the behavior of the rescheduled failed action (bsc#1244065) * Updated Network Requirement section to add settings for server configuration behind HTTP OSI level 7 Proxy * Clarified that NFS with Cobbler is not supported (bsc#1240666) * Fixed a URL link in Common Workflows Guide (bsc#1242911) * Documented uptodate action in Common Workflows Guide as background information * Documented renaming the journal folder when changing machine ID in Administration Guide (bsc#1241286) * Fixed removing Salt bundle client procedure in Client Configuration Guide * Added referenced target and remove obsolete section in Common Workflows (bsc#1240842, bsc#1242554) * Fixed GPG key import command in Administration Guide (bsc#1239102) * Added java.smtp_server parameter for mail configuration in Administration Guide (bsc#1241490) * Added system_listeventhistory to spacecmd reference in Reference Guide (bsc#1239604) * Added links to supported features tables for third party operating systems (bsc#1236810) * Fixed typo in Installation and Upgrade Guide (bsc#1237403) *Added note to limit Squid's cache_dir size to 60% of available free space in Installation and Upgrade Guide susemanager-schema: * Version 4.3.29-0: * Fixed typo in OES 24.4 channel definition susemanager-sls: * Version 4.3.47-0: * Change uptodate recurring action to use dist-upgrade instead of upgrade for Debian systems (bsc#1237060) * Adjust SLS files for SUSE Linux Enterprise 
SP7 and other systems running higher Python versions * Optimize SAP module to prevent high IO workload (bsc#1241455) susemanager-sync-data: * Version 4.3.24-0: * Fixed typo in OES 24.4 product definition How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for SUSE Manager Client Tools ### Description: This update fixes the following issues: uyuni-proxy-systemd-services: * Version 4.3.16-0: * Updated to SUSE Manager 4.3.16 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 Module zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2025-2475=1 * SUSE Manager Server 4.3 Module zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-2475=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2025-2475=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-2475=1 ## Package List: * SUSE Manager Proxy 4.3 Module (noarch) * spacewalk-proxy-installer-4.3.12-150400.3.9.2 * uyuni-proxy-systemd-services-4.3.16-150000.1.33.1 * python3-spacewalk-check-4.3.23-150400.3.39.3 * supportutils-plugin-susemanager-client-4.3.5-150400.3.9.2 *spacecmd-4.3.31-150400.3.48.2 * spacewalk-base-minimal-4.3.45-150400.3.60.3 * spacewalk-client-setup-4.3.23-150400.3.39.3 * mgr-daemon-4.3.12-150400.3.24.2 * spacewalk-client-tools-4.3.23-150400.3.39.3 * susemanager-build-keys-15.4.11-150400.3.35.2 * susemanager-tftpsync-recv-4.3.10-150400.3.12.2 * spacewalk-check-4.3.23-150400.3.39.3 * python3-spacewalk-client-setup-4.3.23-150400.3.39.3 * supportutils-plugin-susemanager-proxy-4.3.5-150400.3.9.2 * 
spacewalk-backend-4.3.33-150400.3.55.2 * spacewalk-base-minimal-config-4.3.45-150400.3.60.3 * python3-spacewalk-client-tools-4.3.23-150400.3.39.3 * susemanager-build-keys-web-15.4.11-150400.3.35.2 * SUSE Manager Server 4.3 Module (noarch) * spacewalk-backend-sql-postgresql-4.3.33-150400.3.55.2 * spacewalk-backend-4.3.33-150400.3.55.2 * subscription-matcher-0.40-150400.3.28.2 * susemanager-sync-data-4.3.24-150400.3.44.2 * spacewalk-utils-4.3.24-150400.3.35.4 * spacewalk-backend-applet-4.3.33-150400.3.55.2 * spacewalk-backend-server-4.3.33-150400.3.55.2 * spacewalk-base-minimal-4.3.45-150400.3.60.3 * uyuni-config-modules-4.3.47-150400.3.61.4 * spacewalk-backend-config-files-common-4.3.33-150400.3.55.2 * spacewalk-client-tools-4.3.23-150400.3.39.3 * spacewalk-backend-sql-4.3.33-150400.3.55.2 * spacewalk-java-4.3.87-150400.3.110.2 * susemanager-sls-4.3.47-150400.3.61.4 * spacewalk-html-4.3.45-150400.3.60.3 * spacewalk-java-config-4.3.87-150400.3.110.2 * spacewalk-config-4.3.16-150400.3.24.2 * spacewalk-utils-extras-4.3.24-150400.3.35.4 * susemanager-build-keys-15.4.11-150400.3.35.2 * spacecmd-4.3.31-150400.3.48.2 * spacewalk-taskomatic-4.3.87-150400.3.110.2 * susemanager-schema-4.3.29-150400.3.51.2 * spacewalk-admin-4.3.14-150400.3.15.3 * susemanager-docs_en-pdf-4.3.16-150400.9.72.2 * cobbler-3.3.3-150400.5.58.3 * spacewalk-base-4.3.45-150400.3.60.3 * susemanager-docs_en-4.3.16-150400.9.72.2 *spacewalk-java-postgresql-4.3.87-150400.3.110.2 * spacewalk-java-lib-4.3.87-150400.3.110.2 * spacewalk-backend-package-push-server-4.3.33-150400.3.55.2 * susemanager-build-keys-web-15.4.11-150400.3.35.2 * spacewalk-backend-tools-4.3.33-150400.3.55.2 * supportutils-plugin-susemanager-4.3.15-150400.3.33.2 * spacewalk-backend-iss-export-4.3.33-150400.3.55.2 * spacewalk-backend-config-files-4.3.33-150400.3.55.2 * susemanager-schema-utility-4.3.29-150400.3.51.2 * spacewalk-backend-xml-export-libs-4.3.33-150400.3.55.2 * spacewalk-backend-xmlrpc-4.3.33-150400.3.55.2 * 
spacewalk-backend-app-4.3.33-150400.3.55.2 * spacewalk-backend-config-files-tool-4.3.33-150400.3.55.2 * spacewalk-base-minimal-config-4.3.45-150400.3.60.3 * spacewalk-backend-iss-4.3.33-150400.3.55.2 * python3-spacewalk-client-tools-4.3.23-150400.3.39.3 * grafana-formula-4.3.0-150400.3.24.2 * SUSE Manager Server 4.3 Module (ppc64le s390x x86_64) * inter-server-sync-0.3.7-150400.3.39.4 * susemanager-4.3.42-150400.3.66.1 * inter-server-sync-debuginfo-0.3.7-150400.3.39.4 * susemanager-tools-4.3.42-150400.3.66.1 * SUSE Manager Client Tools for SLE 15 (noarch) * uyuni-proxy-systemd-services-4.3.16-150000.1.33.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * uyuni-proxy-systemd-services-4.3.16-150000.1.33.1 ## References: * https://www.suse.com/security/cve/CVE-2025-23392.html * https://www.suse.com/security/cve/CVE-2025-23393.html * https://www.suse.com/security/cve/CVE-2025-46809.html * https://www.suse.com/security/cve/CVE-2025-46811.html * https://bugzilla.suse.com/show_bug.cgi?id=1157520 * https://bugzilla.suse.com/show_bug.cgi?id=1191142 * https://bugzilla.suse.com/show_bug.cgi?id=1209060 * https://bugzilla.suse.com/show_bug.cgi?id=1211373 * https://bugzilla.suse.com/show_bug.cgi?id=1213952 * https://bugzilla.suse.com/show_bug.cgi?id=1216187 * https://bugzilla.suse.com/show_bug.cgi?id=1221031 *https://bugzilla.suse.com/show_bug.cgi?id=1225740 * https://bugzilla.suse.com/show_bug.cgi?id=1230403 * https://bugzilla.suse.com/show_bug.cgi?id=1230908 * https://bugzilla.suse.com/show_bug.cgi?id=1233371 * https://bugzilla.suse.com/show_bug.cgi?id=1234608 * https://bugzilla.suse.com/show_bug.cgi?id=1236601 * https://bugzilla.suse.com/show_bug.cgi?id=1236635 * https://bugzilla.suse.com/show_bug.cgi?id=1236779 * https://bugzilla.suse.com/show_bug.cgi?id=1236810 * https://bugzilla.suse.com/show_bug.cgi?id=1236877 * https://bugzilla.suse.com/show_bug.cgi?id=1236910 * https://bugzilla.suse.com/show_bug.cgi?id=1237060 * https://bugzilla.suse.com/show_bug.cgi?id=1237082 * 
https://bugzilla.suse.com/show_bug.cgi?id=1237294 * https://bugzilla.suse.com/show_bug.cgi?id=1237403 * https://bugzilla.suse.com/show_bug.cgi?id=1237581 * https://bugzilla.suse.com/show_bug.cgi?id=1237694 * https://bugzilla.suse.com/show_bug.cgi?id=1237770 * https://bugzilla.suse.com/show_bug.cgi?id=1238922 * https://bugzilla.suse.com/show_bug.cgi?id=1238924 * https://bugzilla.suse.com/show_bug.cgi?id=1239102 * https://bugzilla.suse.com/show_bug.cgi?id=1239154 * https://bugzilla.suse.com/show_bug.cgi?id=1239604 * https://bugzilla.suse.com/show_bug.cgi?id=1239743 * https://bugzilla.suse.com/show_bug.cgi?id=1239826 * https://bugzilla.suse.com/show_bug.cgi?id=1239868 * https://bugzilla.suse.com/show_bug.cgi?id=1239907 * https://bugzilla.suse.com/show_bug.cgi?id=1240038 * https://bugzilla.suse.com/show_bug.cgi?id=1240386 * https://bugzilla.suse.com/show_bug.cgi?id=1240666 * https://bugzilla.suse.com/show_bug.cgi?id=1240842 * https://bugzilla.suse.com/show_bug.cgi?id=1241239 * https://bugzilla.suse.com/show_bug.cgi?id=1241286 * https://bugzilla.suse.com/show_bug.cgi?id=1241455 * https://bugzilla.suse.com/show_bug.cgi?id=1241490 * https://bugzilla.suse.com/show_bug.cgi?id=1242004 * https://bugzilla.suse.com/show_bug.cgi?id=1242030 *https://bugzilla.suse.com/show_bug.cgi?id=1242148 * https://bugzilla.suse.com/show_bug.cgi?id=1242554 * https://bugzilla.suse.com/show_bug.cgi?id=1242911 * https://bugzilla.suse.com/show_bug.cgi?id=1243239 * https://bugzilla.suse.com/show_bug.cgi?id=1243460 * https://bugzilla.suse.com/show_bug.cgi?id=1243724 * https://bugzilla.suse.com/show_bug.cgi?id=1243825 * https://bugzilla.suse.com/show_bug.cgi?id=1244065 * https://bugzilla.suse.com/show_bug.cgi?id=1244290 * https://bugzilla.suse.com/show_bug.cgi?id=1245005 * https://bugzilla.suse.com/show_bug.cgi?id=1245027 * https://bugzilla.suse.com/show_bug.cgi?id=1245222 * https://bugzilla.suse.com/show_bug.cgi?id=1245368 * https://bugzilla.suse.com/show_bug.cgi?id=1246119 * 
https://bugzilla.suse.com/show_bug.cgi?id=1246788 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-993&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-12321&page_caps=&user_role=

Essential upgrade announcement for Multi-Linux Supervisor 4.3 addresses various vulnerabilities affecting numerous SUSE applications. SUSE Manager, Multi-Linux Manager, security update, critical patch, SUSE Linux. Severity: Important. LinuxSecurity.com Team

Jul 23, 2025 Important SuSE

SUSE: Multi-Linux Manager 4.3 Critical Security Update 2025:02476-1

* bsc#1157520 * bsc#1191142 * bsc#1209060 * bsc#1211373 * bsc#1213952 . # Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes Announcement ID: SUSE-SU-2025:02476-1 Release Date: 2025-07-23T12:37:13Z Rating: critical References: * bsc#1157520 * bsc#1191142 * bsc#1209060 * bsc#1211373 * bsc#1213952 * bsc#1216187 * bsc#1221031 * bsc#1225740 * bsc#1230403 * bsc#1230908 * bsc#1233371 * bsc#1234608 * bsc#1236601 * bsc#1236635 * bsc#1236779 * bsc#1236810 * bsc#1236877 * bsc#1236910 * bsc#1237060 * bsc#1237082 * bsc#1237294 * bsc#1237403 * bsc#1237581 * bsc#1237694 * bsc#1237770 * bsc#1238922 * bsc#1238924 * bsc#1239102 * bsc#1239154 * bsc#1239604 * bsc#1239743 * bsc#1239826 * bsc#1239868 * bsc#1239907 * bsc#1240038 * bsc#1240386 * bsc#1240666 * bsc#1240842 * bsc#1241239 * bsc#1241286 * bsc#1241455 * bsc#1241490 * bsc#1242004 * bsc#1242030 * bsc#1242148 * bsc#1242554 * bsc#1242911 * bsc#1243239 * bsc#1243460 * bsc#1243724 * bsc#1243825 * bsc#1244065 * bsc#1244290 * bsc#1245005 * bsc#1245027 * bsc#1245222 * bsc#1245368 * bsc#1246119 * jsc#MSQA-993 Cross-References: * CVE-2024-38822 * CVE-2024-38823 * CVE-2024-38824 * CVE-2024-38825 * CVE-2025-22236 * CVE-2025-22237 * CVE-2025-22238 * CVE-2025-22239 * CVE-2025-22240 * CVE-2025-22241 * CVE-2025-22242 * CVE-2025-23392 * CVE-2025-23393 * CVE-2025-46809 * CVE-2025-46811 CVSS scores: * CVE-2024-38822 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-38822 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38822 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38823 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-38823 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-38823 ( NVD ): 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38824 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2024-38824 ( SUSE ): 9.6 
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2024-38824 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2024-38824 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-38825 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2024-38825 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2024-38825 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2025-22236 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L * CVE-2025-22236 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22236 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22237 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-22237 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-22237 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-22238 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-22238 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2025-22238 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N * CVE-2025-22239 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L * CVE-2025-22239 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22239 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22240 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-22240 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2025-22240 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2025-22241 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N *CVE-2025-22241 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2025-22241 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2025-22242 ( SUSE ): 6.7 
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22242 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22242 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H * CVE-2025-23392 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-23392 ( SUSE ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-23392 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23392 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-23393 ( SUSE ): 5.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2025-23393 ( SUSE ): 6.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L * CVE-2025-23393 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23393 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-46809 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-46809 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2025-46811 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-46811 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 15 vulnerabilities, contains one feature and has 43 security fixes can now be installed. 
## Security update 4.3.16 for Multi-Linux Manager Proxy and Retail Branch Server

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

* Update to SUSE Manager 4.3.16
* CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2025-46809
* Bugs mentioned: bsc#1236601, bsc#1236635, bsc#1236779, bsc#1237294, bsc#1238922, bsc#1239826, bsc#1240386, bsc#1242004, bsc#1243460, bsc#1245222, bsc#1245005

## Security update 4.3.16 for Multi-Linux Manager Server

### Description:

This update fixes the following issues:

release-notes-susemanager:

* Update to SUSE Manager 4.3.16
* Important Salt Security Update
* Added support for SUSE Linux Enterprise 15 SP7 as a client using the Salt Bundle
* CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2024-38824, CVE-2025-22239, CVE-2025-22236, CVE-2025-22237, CVE-2024-38825, CVE-2025-22240, CVE-2024-38823, CVE-2025-22241, CVE-2025-22238, CVE-2025-22242, CVE-2024-38822, CVE-2025-46811, CVE-2025-46809
* Bugs mentioned: bsc#1157520, bsc#1191142, bsc#1209060, bsc#1211373, bsc#1213952, bsc#1216187, bsc#1221031, bsc#1225740, bsc#1230403, bsc#1230908, bsc#1233371, bsc#1234608, bsc#1236635, bsc#1236779, bsc#1236810, bsc#1236877, bsc#1236910, bsc#1237060, bsc#1237082, bsc#1237294, bsc#1237403, bsc#1237581, bsc#1237694, bsc#1237770, bsc#1238922, bsc#1238924, bsc#1239102, bsc#1239154, bsc#1239604, bsc#1239743, bsc#1239826, bsc#1239868, bsc#1239907, bsc#1240038, bsc#1240386, bsc#1240666, bsc#1240842, bsc#1241239, bsc#1241286, bsc#1241455, bsc#1241490, bsc#1242004, bsc#1242030, bsc#1242148, bsc#1242554, bsc#1242911, bsc#1243239, bsc#1243460, bsc#1243724, bsc#1243825, bsc#1244065, bsc#1244290, bsc#1245027, bsc#1245222, bsc#1245368, bsc#1245005, bsc#1246119

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-2476=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2476=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-2476=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2476=1

## Package List:

* SUSE Manager Retail Branch Server 4.3 (noarch)
  * release-notes-susemanager-proxy-4.3.16-150400.3.98.1
* SUSE Manager Server 4.3 (noarch)
  * release-notes-susemanager-4.3.16-150400.3.140.1
* openSUSE Leap 15.4 (noarch)
  * release-notes-susemanager-proxy-4.3.16-150400.3.98.1
  * release-notes-susemanager-4.3.16-150400.3.140.1
* SUSE Manager Proxy 4.3 (noarch)
  * release-notes-susemanager-proxy-4.3.16-150400.3.98.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38822.html * https://www.suse.com/security/cve/CVE-2024-38823.html * https://www.suse.com/security/cve/CVE-2024-38824.html * https://www.suse.com/security/cve/CVE-2024-38825.html * https://www.suse.com/security/cve/CVE-2025-22236.html * https://www.suse.com/security/cve/CVE-2025-22237.html * https://www.suse.com/security/cve/CVE-2025-22238.html * https://www.suse.com/security/cve/CVE-2025-22239.html * https://www.suse.com/security/cve/CVE-2025-22240.html * https://www.suse.com/security/cve/CVE-2025-22241.html * https://www.suse.com/security/cve/CVE-2025-22242.html * https://www.suse.com/security/cve/CVE-2025-23392.html * https://www.suse.com/security/cve/CVE-2025-23393.html * https://www.suse.com/security/cve/CVE-2025-46809.html * https://www.suse.com/security/cve/CVE-2025-46811.html * https://bugzilla.suse.com/show_bug.cgi?id=1157520 * https://bugzilla.suse.com/show_bug.cgi?id=1191142 * https://bugzilla.suse.com/show_bug.cgi?id=1209060 * https://bugzilla.suse.com/show_bug.cgi?id=1211373 * https://bugzilla.suse.com/show_bug.cgi?id=1213952 *
https://bugzilla.suse.com/show_bug.cgi?id=1216187 *https://bugzilla.suse.com/show_bug.cgi?id=1221031 * https://bugzilla.suse.com/show_bug.cgi?id=1225740 * https://bugzilla.suse.com/show_bug.cgi?id=1230403 * https://bugzilla.suse.com/show_bug.cgi?id=1230908 * https://bugzilla.suse.com/show_bug.cgi?id=1233371 * https://bugzilla.suse.com/show_bug.cgi?id=1234608 * https://bugzilla.suse.com/show_bug.cgi?id=1236601 * https://bugzilla.suse.com/show_bug.cgi?id=1236635 * https://bugzilla.suse.com/show_bug.cgi?id=1236779 * https://bugzilla.suse.com/show_bug.cgi?id=1236810 * https://bugzilla.suse.com/show_bug.cgi?id=1236877 * https://bugzilla.suse.com/show_bug.cgi?id=1236910 * https://bugzilla.suse.com/show_bug.cgi?id=1237060 * https://bugzilla.suse.com/show_bug.cgi?id=1237082 * https://bugzilla.suse.com/show_bug.cgi?id=1237294 * https://bugzilla.suse.com/show_bug.cgi?id=1237403 * https://bugzilla.suse.com/show_bug.cgi?id=1237581 * https://bugzilla.suse.com/show_bug.cgi?id=1237694 * https://bugzilla.suse.com/show_bug.cgi?id=1237770 * https://bugzilla.suse.com/show_bug.cgi?id=1238922 * https://bugzilla.suse.com/show_bug.cgi?id=1238924 * https://bugzilla.suse.com/show_bug.cgi?id=1239102 * https://bugzilla.suse.com/show_bug.cgi?id=1239154 * https://bugzilla.suse.com/show_bug.cgi?id=1239604 * https://bugzilla.suse.com/show_bug.cgi?id=1239743 * https://bugzilla.suse.com/show_bug.cgi?id=1239826 * https://bugzilla.suse.com/show_bug.cgi?id=1239868 * https://bugzilla.suse.com/show_bug.cgi?id=1239907 * https://bugzilla.suse.com/show_bug.cgi?id=1240038 * https://bugzilla.suse.com/show_bug.cgi?id=1240386 * https://bugzilla.suse.com/show_bug.cgi?id=1240666 * https://bugzilla.suse.com/show_bug.cgi?id=1240842 * https://bugzilla.suse.com/show_bug.cgi?id=1241239 * https://bugzilla.suse.com/show_bug.cgi?id=1241286 * https://bugzilla.suse.com/show_bug.cgi?id=1241455 * https://bugzilla.suse.com/show_bug.cgi?id=1241490 * https://bugzilla.suse.com/show_bug.cgi?id=1242004 
* https://bugzilla.suse.com/show_bug.cgi?id=1242030 * https://bugzilla.suse.com/show_bug.cgi?id=1242148 * https://bugzilla.suse.com/show_bug.cgi?id=1242554 * https://bugzilla.suse.com/show_bug.cgi?id=1242911 * https://bugzilla.suse.com/show_bug.cgi?id=1243239 * https://bugzilla.suse.com/show_bug.cgi?id=1243460 * https://bugzilla.suse.com/show_bug.cgi?id=1243724 * https://bugzilla.suse.com/show_bug.cgi?id=1243825 * https://bugzilla.suse.com/show_bug.cgi?id=1244065 * https://bugzilla.suse.com/show_bug.cgi?id=1244290 * https://bugzilla.suse.com/show_bug.cgi?id=1245005 * https://bugzilla.suse.com/show_bug.cgi?id=1245027 * https://bugzilla.suse.com/show_bug.cgi?id=1245222 * https://bugzilla.suse.com/show_bug.cgi?id=1245368 * https://bugzilla.suse.com/show_bug.cgi?id=1246119 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-993&page_caps=&user_role=

Important upgrade for Universal-Linux Administrator 5.1 tackles several concerns and applies various fixes. Safeguard your networks! SUSE Manager, Multi-Linux, Security Update, Maintenance Update. Severity: Critical. LinuxSecurity.com Team

Jul 23, 2025 Critical SuSE

SUSE: 2025:01985-1 moderate: Multi-Linux Manager 4.3 maintenance update

* jsc#MSQA-992 Cross-References: * CVE-2023-45288 * CVE-2024-11741 . # Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes Announcement ID: SUSE-SU-2025:01985-1 Release Date: 2025-06-18T02:07:51Z Rating: moderate References: * jsc#MSQA-992 Cross-References: * CVE-2023-45288 * CVE-2024-11741 * CVE-2024-45337 * CVE-2024-45339 * CVE-2024-47535 * CVE-2024-51744 * CVE-2024-9264 * CVE-2024-9476 * CVE-2025-22870 * CVE-2025-22872 * CVE-2025-2703 * CVE-2025-27144 * CVE-2025-3454 * CVE-2025-3580 * CVE-2025-4123 CVSS scores: * CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-11741 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-11741 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-11741 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2024-47535 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-47535 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-51744 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-51744 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2024-51744 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2024-9264 ( SUSE ): 9.4 
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-9264 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2024-9264 ( NVD ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-9264 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2024-9264 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9476 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-9476 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-9476 ( NVD ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N * CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-2703 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-2703 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L * CVE-2025-27144 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-27144 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-3454 ( SUSE ): 
4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-3454 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N * CVE-2025-3580 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-3580 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-3580 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-4123 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L * CVE-2025-4123 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Manager Server 4.3 An update that solves 15 vulnerabilities and contains one feature can now be installed. ## Description: This update fixes the following issues: release-notes-susemanager: * Update to SUSE Manager 4.3.15.2 * SUSE Manager 4.3 will transition to LTS after June 2025 * CVE Fixed CVE-2023-45288, CVE-2024-11741, CVE-2024-45337, CVE-2024-45339 CVE-2024-51744, CVE-2024-9264, CVE-2024-9476, CVE-2025-22870 CVE-2025-22872, CVE-2025-2703 CVE-2025-27144, CVE-2025-3454 CVE-2025-3580, CVE-2025-4123, CVE-2024-47535 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1985=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1985=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * release-notes-susemanager-4.3.15.2-150400.3.133.1
* SUSE Manager Server 4.3 (noarch)
  * release-notes-susemanager-4.3.15.2-150400.3.133.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-11741.html
* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://www.suse.com/security/cve/CVE-2024-45339.html
* https://www.suse.com/security/cve/CVE-2024-47535.html
* https://www.suse.com/security/cve/CVE-2024-51744.html
* https://www.suse.com/security/cve/CVE-2024-9264.html
* https://www.suse.com/security/cve/CVE-2024-9476.html
* https://www.suse.com/security/cve/CVE-2025-22870.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://www.suse.com/security/cve/CVE-2025-2703.html
* https://www.suse.com/security/cve/CVE-2025-27144.html
* https://www.suse.com/security/cve/CVE-2025-3454.html
* https://www.suse.com/security/cve/CVE-2025-3580.html
* https://www.suse.com/security/cve/CVE-2025-4123.html
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-992&page_caps=&user_role=

The recent release of SUSE Manager 4.3 offers solutions to various concerns and includes vital maintenance information for both users and administrators. SUSE Manager 4.3, security advisory, update instructions. LinuxSecurity.com Team

Jun 18, 2025 SuSE

Oracle Linux 8 ELSA-2024-12884 critical: kernel security updates

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-12884 http://linux.oracle.com/errata/ELSA-2024-12884.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.338.4.1.el8uek.x86_64.rpm kernel-uek-container-5.4.17-2136.338.4.1.el8uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.338.4.1.el8uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.338.4.1.el8uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.338.4.1.el8uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.338.4.1.el8uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.338.4.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.338.4.1.el8uek.src.rpm RelatedCVEs: CVE-2024-26734 CVE-2024-26885 CVE-2024-26921 CVE-2024-40953 CVE-2024-41016 CVE-2024-42229 CVE-2024-44931 CVE-2024-46849 CVE-2024-46853 CVE-2024-46854 CVE-2024-47670 CVE-2024-47671 CVE-2024-47672 CVE-2024-47674 CVE-2024-47679 CVE-2024-47684 CVE-2024-47685 CVE-2024-47692 CVE-2024-47696 CVE-2024-47697 CVE-2024-47698 CVE-2024-47699 CVE-2024-47701 CVE-2024-47709 CVE-2024-47710 CVE-2024-47712 CVE-2024-47713 CVE-2024-47723 CVE-2024-47737 CVE-2024-47740 CVE-2024-47742 CVE-2024-47747 CVE-2024-47749 CVE-2024-47756 CVE-2024-47757 CVE-2024-49851 CVE-2024-49860 CVE-2024-49867 CVE-2024-49868 CVE-2024-49877 CVE-2024-49878 CVE-2024-49879 CVE-2024-49882 CVE-2024-49883 CVE-2024-49892 CVE-2024-49894 CVE-2024-49896 CVE-2024-49900 CVE-2024-49902 CVE-2024-49903 CVE-2024-49924 CVE-2024-49938 CVE-2024-49944 CVE-2024-49948 CVE-2024-49949 CVE-2024-49952 CVE-2024-49955 CVE-2024-49957 CVE-2024-49959 CVE-2024-49962 CVE-2024-49963 CVE-2024-49965 CVE-2024-49966 CVE-2024-49967 CVE-2024-49973 CVE-2024-49981 CVE-2024-49982 CVE-2024-49985 CVE-2024-49995 CVE-2024-49997 CVE-2024-50006 CVE-2024-50007 CVE-2024-50008 CVE-2024-50024 CVE-2024-50033 CVE-2024-50035 CVE-2024-50039 CVE-2024-50040 CVE-2024-50044 
CVE-2024-50045 CVE-2024-50059 CVE-2024-50074 CVE-2024-50082 CVE-2024-50089 CVE-2024-50096 CVE-2024-50099 CVE-2024-50116 CVE-2024-50117 CVE-2024-50127 CVE-2024-50131 CVE-2024-50134 CVE-2024-50142 CVE-2024-50143 CVE-2024-50148 CVE-2024-50150 CVE-2024-50151 CVE-2024-50167 CVE-2024-50168 CVE-2024-50171 CVE-2024-50179 CVE-2024-50180 CVE-2024-50184 CVE-2024-50194 CVE-2024-50195 CVE-2024-50199 CVE-2024-50202 CVE-2024-50205 CVE-2024-50210 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50233 CVE-2024-50234 CVE-2024-50236 CVE-2024-50237 CVE-2024-50251 CVE-2024-50262 CVE-2024-53057 CVE-2024-53059 CVE-2024-53060 CVE-2024-53097 Description of changes: [5.4.17-2136.338.4.1.el8uek] - Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37383196] [5.4.17-2136.338.4.el8uek] - devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 37284641] {CVE-2024-26734} - mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174200] {CVE-2024-47674} - mm: add remap_pfn_range_notrack (Christoph Hellwig) [Orabug: 37174200] {CVE-2024-47674} - mm/memory.c: make remap_pfn_range() reject unaligned addr (Alex Zhang) [Orabug: 37174200] {CVE-2024-47674} - mm: fix ambiguous comments for better code readability (chenqiwu) [Orabug: 37174200] {CVE-2024-47674} - mm: clarify a confusing comment for remap_pfn_range() (WANG Wenhu) [Orabug: 37174200] {CVE-2024-47674} [5.4.17-2136.338.3.el8uek] - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (Antonio Quartulli) [Orabug: 37304754] {CVE-2024-53060} - rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37180926] - ACPI: ioremap: avoid redundant rounding to OS page size (Ard Biesheuvel) [Orabug: 37243611] - blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37280096] - Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285309]
[5.4.17-2136.338.2.el8uek] - LTS tag: v5.4.285 (Sherry Yang) - mm: krealloc: Fix MTE false alarm in __do_krealloc (Qun-Wei Lin) [Orabug: 37331939] {CVE-2024-53097} - mac80211: always have ieee80211_sta_restart() (Johannes Berg) - vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park) - Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (Jason-JH.Lin) - mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268581] {CVE-2024-50228} - nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268589] {CVE-2024-50230} - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268564] {CVE-2024-50218} - riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang) - nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268585] {CVE-2024-50229} - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268598] {CVE-2024-50233} - wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjälä) [Orabug: 37268603] {CVE-2024-50234} - wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268611] {CVE-2024-50236} - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268614] {CVE-2024-50237} - Revert "driver core: Fix uevent_show() vs driver detach race" (Greg Kroah-Hartman) - xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan) - usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu) - usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou) - misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich) - net: amd: mvme147: Fix probe banner message (Daniel Palmer) - firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang) - drivers/misc: ti-st: Remove unneeded variable in st_tty_open (zhong jiang) - netfilter: nft_payload:
sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268671] {CVE-2024-50251} - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoît Monin) - net: support ip generic csum processing in skb_csum_hwoffload_help (Xin Long) - bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268703] {CVE-2024-50262} - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304741] {CVE-2024-53057} - gtp: allow -1 to be specified as file description from userspace (Pablo Neira Ayuso) - gtp: simplify error handling code in 'gtp_encap_enable()' (Christophe JAILLET) - dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema (Maciej Falkowski) - ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET) - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304750] {CVE-2024-53059} - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach) - mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala) - mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg) - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau) - cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng) - xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264076] {CVE-2024-50142} - arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang) - selinux: improve error checking in sel_write_load() (Paul Moore) - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang) - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (José Relvas) - nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252378] {CVE-2024-50116} - ACPI: button: Add DMI quirk for
Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar) - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel) - drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252384] {CVE-2024-50117} - ALSA: hda/realtek: Update default depop procedure (Kailang Yang) - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264275] {CVE-2024-50205} - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37304479] {CVE-2024-50210} - r8169: avoid unsolicited interrupts (Heiner Kallweit) - net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252408] {CVE-2024-50127} - net: usb: usbnet: fix name regression (Oliver Neukum) - be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264144] {CVE-2024-50167} - net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264150] {CVE-2024-50168} - tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252416] {CVE-2024-50131} - jfs: Fix sanity check in dbMount (Dave Kleikamp) - udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264081] {CVE-2024-50143} - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252421] {CVE-2024-50134} - KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr) - KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch) - KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch) - KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch) - arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264237] {CVE-2024-50194} - arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang) - Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin)
[Orabug: 37264097] {CVE-2024-50148} - usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264103] {CVE-2024-50150} - smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264108] {CVE-2024-50151} - genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet) - net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264157] {CVE-2024-50171} - net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai) - macsec: don't increment counters for an unrelated SA (Sabrina Dubroca) - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek) - RDMA/bnxt_re: Return more meaningful error (Kalesh AP) - ipv4: give an IPv4 dev to blackhole_netdev (Xin Long) - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy) - ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink) - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel) - mac80211: Fix NULL ptr deref for injected rate info (Mathy Vanhoef) - erofs: fix lz4 inplace decompression (Gao Xiang) - nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264267] {CVE-2024-50202} - x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui) - x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor) - parport: Proper fix for array out-of-bounds access (Takashi Iwai) [Orabug: 37227436] {CVE-2024-50074} - USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas) - USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B.
Frost) - xhci: Fix incorrect stream context type macro (Mathias Nyman) - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz) - Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson) - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco) - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco) - iio: light: opt3001: add missing full-scale range value (Emil Gedenryd) - iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET) - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco) - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco) - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco) - drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov) - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227404] {CVE-2024-50082} - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson) - KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller) - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weißschuh) - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835837] {CVE-2024-40953} - wifi: mac80211: fix potential key use-after-free (Johannes Berg) - mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264257] {CVE-2024-50199} - fat: fix uninitialized variable (OGAWA Hirofumi) - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (WangYuli) - tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols (Francis Laniel) - arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland) - arm64: probes: Remove broken LDR
(literal) uprobe support (Mark Rutland) [Orabug: 37252317] {CVE-2024-50099} - posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264242] {CVE-2024-50195} - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (Yonatan Maman) [Orabug: 37252308] {CVE-2024-50096} - net: Fix an unsafe loop on the list (Anastasia Kovaleva) [Orabug: 37206409] {CVE-2024-50024} - hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (SurajSonawane2415) - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (Icenowy Zheng) - usb: xhci: Fix problem with xhci resume from suspend (Jose Alberto Reguero) - usb: dwc3: core: Stop processing of pending events if controller is halted (Selvarasu Ganesan) - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" (Oliver Neukum) - HID: plantronics: Workaround for an unexcepted opposite volume key (Wade Wang) - CDC-NCM: avoid overflow in sanity checking (Oliver Neukum) - resource: fix region_intersects() vs add_memory_driver_managed() (Huang Ying) [Orabug: 37200931] {CVE-2024-49878} - lockdep: fix deadlock issue between lockdep and rcu (Zhiguo Niu) - locking/lockdep: Avoid potential access of invalid memory in lock_class (Waiman Long) - locking/lockdep: Rework lockdep_lock (Peter Zijlstra) - locking/lockdep: Fix bad recursion pattern (Peter Zijlstra) - slip: make slhc_remember() more robust against malicious packets (Eric Dumazet) [Orabug: 37206429] {CVE-2024-50033} - ppp: fix ppp_async_encode() illegal access (Eric Dumazet) [Orabug: 37206435] {CVE-2024-50035} - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (Xin Long) - net: annotate lockless accesses to sk->sk_max_ack_backlog (Eric Dumazet) - net: annotate lockless accesses to sk->sk_ack_backlog (Eric Dumazet) - net: ibm: emac: mal: fix wrong goto (Rosen Penev) - net/sched: accept TCA_STAB only for root qdisc (Eric Dumazet) [Orabug: 37206457] {CVE-2024-50039} -
igb: Do not bring the device up after non-fatal error (Mohamed Khalfella) [Orabug: 37206464] {CVE-2024-50040} - gpio: aspeed: Use devm_clk api to manage clock source (Billy Tsai) - gpio: aspeed: Add the flush write to ensure the write complete. (Billy Tsai) - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (Luiz Augusto von Dentz) [Orabug: 37206474] {CVE-2024-50044} - netfilter: br_netfilter: fix panic with metadata_dst skb (Andy Roulin) [Orabug: 37206482] {CVE-2024-50045} - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (Neal Cardwell) - tcp: fix to allow timestamp undo if no retransmits were sent (Neal Cardwell) - SUNRPC: Fix integer overflow in decode_rc_list() (Dan Carpenter) - ice: fix VLAN replay after reset (Dave Ertman) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (Bob Pearson) - fbdev: sisfb: Fix strbuf array overflow (Andrey Shumilin) [Orabug: 37264186] {CVE-2024-50180} - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (Zijun Hu) - tools/iio: Add memory allocation failure check for trigger_name (Zhu Jun) - virtio_pmem: Check device status before requesting flush (Philip Chen) [Orabug: 37264205] {CVE-2024-50184} - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (Shawn Shao) - usb: chipidea: udc: enable suspend interrupt after usb reset (Xu Yang) - media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (Yunke Cao) - ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (Kaixin Wang) [Orabug: 37206542] {CVE-2024-50059} - PCI: Mark Creative Labs EMU20k2 INTx masking as broken (Alex Williamson) - i2c: i801: Use a different adapter-name for IDF adapters (Hans de Goede) - PCI: Add ACS quirk for Qualcomm SA8775P (Subramanian Ananthanarayanan) - clk: bcm: bcm53573: fix OF node leak in init (Krzysztof Kozlowski) - ktest.pl: Avoid false positives with grub2 skip regex (Daniel
Jordan) - s390/cpum_sf: Remove WARN_ON_ONCE statements (Thomas Richter) - ext4: nested locking for xattr inode (Wojciech Gładysz) - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Gerald Schaefer) - s390/facility: Disable compile time optimization for decompressor code (Heiko Carstens) - bpf: Check percpu map value size first (Tao Chen) - Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (Mathias Krause) - virtio_console: fix misc probe bugs (Michael S. Tsirkin) - tracing: Have saved_cmdlines arrays all in one allocation (Steven Rostedt (Google)) - drm/crtc: fix uninitialized variable use even harder (Rob Clark) - tracing: Remove precision vsnprintf() check from print event (Steven Rostedt (Google)) - net: ethernet: cortina: Drop TSO support (Linus Walleij) - unicode: Don't special case ignorable code points (Gabriel Krisman Bertazi) [Orabug: 37252274] {CVE-2024-50089} - ext4: fix inode tree inconsistency caused by ENOMEM (zhanchengbin) - ACPI: battery: Fix possible crash when unregistering a battery hook (Armin Wolf) [Orabug: 37206092] {CVE-2024-49955} - ACPI: battery: Simplify battery hook locking (Armin Wolf) - r8169: add tally counter fields added with RTL8125 (Heiner Kallweit) [Orabug: 37206183] {CVE-2024-49973} - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" (Colin Ian King) - clk: qcom: clk-rpmh: Fix overflow in BCM vote (Mike Tipton) - clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd() (Stephen Boyd) - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (NeilBrown) - nfsd: use ktime_get_seconds() for timestamps (Arnd Bergmann) - uprobes: fix kernel info leak via "[uprobes]" vma (Oleg Nesterov) - arm64: errata: Expand speculative SSBS workaround once more (Mark Rutland) - arm64: cputype: Add Neoverse-N3 definitions (Mark Rutland) - arm64: Add Cortex-715 CPU part definition (Anshuman Khandual) - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - i2c: qcom-geni: Grow a dev pointer to
simplify code (Stephen Boyd) - i2c: qcom-geni: Let firmware specify irq trigger flags (Stephen Boyd) - gpio: davinci: fix lazy disable (Emanuele Ghidoli) - btrfs: wait for fixup workers before stopping cleaner kthread during umount (Filipe Manana) [Orabug: 37200897] {CVE-2024-49867} - btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (Qu Wenruo) [Orabug: 37200903] {CVE-2024-49868} - ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (Hans de Goede) - Input: adp5589-keys - fix adp5589_gpio_get_value() (Nuno Sa) - rtc: at91sam9: fix OF node leak in probe() error path (Krzysztof Kozlowski) - tomoyo: fallback to realpath if symlink's pathname does not exist (Tetsuo Handa) - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (Barnabás Czémán) - media: venus: fix use after free bug in venus_remove due to race condition (Zheng Wang) [Orabug: 37206210] {CVE-2024-49981} - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (Hans Verkuil) - media: sun4i_csi: Implement link validate for sun4i_csi subdev (Laurent Pinchart) - clk: rockchip: fix error for unknown clocks (Sebastian Reichel) - aoe: fix the potential use-after-free problem in more places (Chun-Yi Lee) [Orabug: 37206642] {CVE-2024-49982} - riscv: define ILLEGAL_POINTER_VALUE for 64bit (Jisheng Zhang) - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (Lizhi Xu) [Orabug: 37200926] {CVE-2024-49877} - ocfs2: fix null-ptr-deref when journal load failed.
(Julian Sun) [Orabug: 37206097] {CVE-2024-49957} - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (Lizhi Xu) [Orabug: 37206137] {CVE-2024-49965} - ocfs2: cancel dqi_sync_work before freeing oinfo (Joseph Qi) [Orabug: 37206141] {CVE-2024-49966} - ocfs2: fix uninit-value in ocfs2_get_block() (Joseph Qi) - ocfs2: fix the la space leak when unmounting an ocfs2 volume (Heming Zhao) - mm: krealloc: consider spare memory for __GFP_ZERO (Danilo Krummrich) - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (Baokun Li) [Orabug: 37206109] {CVE-2024-49959} - drm: omapdrm: Add missing check for alloc_ordered_workqueue (Ma Ke) [Orabug: 37200935] {CVE-2024-49879} in of_msi_get_domain (Andrew Jones) - parisc: Fix stack start for ADDR_NO_RANDOMIZE personality (Helge Deller) - parisc: Fix 64-bit userspace syscall path (Helge Deller) - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (Luis Henriques (SUSE)) - ext4: fix double brelse() the buffer of the extents path (Baokun Li) [Orabug: 37200948] {CVE-2024-49882} - ext4: aovid use-after-free in ext4_ext_insert_extent() (Baokun Li) [Orabug: 37200954] {CVE-2024-49883} - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (Luis Henriques (SUSE)) - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (Baokun Li) - ext4: no need to continue when the number of entries is 1 (Edward Adam Davis) [Orabug: 37206147] {CVE-2024-49967} - ALSA: core: add isascii() check to card ID generator (Jaroslav Kysela) - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (Thomas Zimmermann) - parisc: Fix itlb miss handler for 64-bit programs (Helge Deller) - perf/core: Fix small negative period being ignored (Luo Gengkun) - spi: bcm63xx: Fix module autoloading (Jinjie Ruan) - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (Krzysztof Kozlowski) - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (Robert Hancock) - i2c: stm32f7: Do not
prepare/unprepare clock during runtime suspend/resume (Marek Vasut) [Orabug: 37206220] {CVE-2024-49985} - selftests: vDSO: fix vDSO symbols lookup for powerpc64 (Christophe Leroy) - selftests: breakpoints: use remaining time to check if suspend succeed (Yifei Liu) - spi: s3c64xx: fix timeout counters in flush_fifo (Ben Dooks) - ext4: fix i_data_sem unlock order in ext4_ind_migrate() (Artem Sadovnikov) [Orabug: 37206323] {CVE-2024-50006} - ext4: ext4_search_dir should return a proper error (Thadeu Lima de Souza Cascardo) - of/irq: Refer to actual buffer size in of_irq_parse_one() (Geert Uytterhoeven) - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (Geert Uytterhoeven) - scsi: aacraid: Rearrange order of struct aac_srb_unit (Kees Cook) - drm/printer: Allow NULL data in devcoredump printer (Matthew Brost) - drm/amd/display: Initialize get_bytes_per_element's default to 1 (Alex Hung) [Orabug: 37205727] {CVE-2024-49892} - drm/amd/display: Fix index out of bounds in degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205740] {CVE-2024-49894} - drm/amd/display: Check stream before comparing them (Alex Hung) [Orabug: 37205752] {CVE-2024-49896} - jfs: Fix uninit-value access of new_ea in ea_buffer (Zhao Mengmeng) [Orabug: 37205778] {CVE-2024-49900} - jfs: check if leafidx greater than num leaves per dmap tree (Edward Adam Davis) [Orabug: 37205790] {CVE-2024-49902} - jfs: Fix uaf in dbFreeBits (Edward Adam Davis) [Orabug: 37205795] {CVE-2024-49903} - jfs: UBSAN: shift-out-of-bounds in dbFindBits (Remington Brasga) - ata: sata_sil: Rename sil_blacklist to sil_quirks (Damien Le Moal) - power: reset: brcmstb: Do not go into infinite loop if reset fails (Andrew Davis) - fbdev: pxafb: Fix possible use after free in pxafb_task() (Kaixin Wang) [Orabug: 37205936] {CVE-2024-49924} - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (Kees Cook) - ALSA: hdsp: Break infinite MIDI input flush loop (Takashi Iwai) - ALSA: asihpi: Fix 
potential OOB array access (Takashi Iwai) [Orabug: 37206328] {CVE-2024-50007} - signal: Replace BUG_ON()s (Thomas Gleixner) - nfp: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (Gustavo A. R. Silva) [Orabug: 37206333] {CVE-2024-50008} - proc: add config & param to block forcing mem writes (Adrian Ratiu) - ACPICA: iasl: handle empty connection_node (Aleksandrs Vinarskis) - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (Jason Xing) - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (Ido Schimmel) - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). (Kuniyuki Iwashima) - net: mvpp2: Increase size of queue_name buffer (Simon Horman) - tipc: guard against string buffer overrun (Simon Horman) [Orabug: 37206278] {CVE-2024-49995} - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (Pei Xiao) [Orabug: 37206124] {CVE-2024-49962} - ACPI: EC: Do not release locks during operation region accesses (Rafael J.
Wysocki) - wifi: rtw88: select WANT_DEV_COREDUMP (Zong-Zhe Yang) - net: sched: consistently use rcu_replace_pointer() in taprio_change() (Dmitry Antipov) - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (Armin Wolf) - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (Armin Wolf) - net: hisilicon: hns_mdio: fix OF node leak in probe() (Krzysztof Kozlowski) - net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() (Krzysztof Kozlowski) - net: hisilicon: hip04: fix OF node leak in probe() (Krzysztof Kozlowski) - ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() (Aleksandr Mishin) - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (Toke Høiland-Jørgensen) [Orabug: 37206029] {CVE-2024-49938} - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (Dmitry Kandybka) - f2fs: Require FMODE_WRITE for atomic write ioctls (Jann Horn) [Orabug: 37200794] {CVE-2024-47740} - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (Takashi Iwai) - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (Takashi Iwai) - ALSA: hda/realtek: Fix the push button function for the ALC257 (Oder Chiou) - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (Xin Long) [Orabug: 37206051] {CVE-2024-49944} - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (Anton Danilov) - net: add more sanity checks to qdisc_pkt_len_init() (Eric Dumazet) [Orabug: 37206064] {CVE-2024-49948} - net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Eric Dumazet) [Orabug: 37206070] {CVE-2024-49949} - net: ethernet: lantiq_etop: fix memory disclosure (Aleksander Jan Bajkowski) [Orabug: 37206289] {CVE-2024-49997} - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - Bluetooth: btmrvl_sdio: Refactor irq wakeup (Abhishek Pandit-Subedi) - netfilter: nf_tables: prevent nf_skb_duplicated corruption (Eric Dumazet) [Orabug: 37206081]
{CVE-2024-49952} - net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED (Phil Sutter) - net/mlx5: Added cond_resched() to crdump collection (Mohamed Khalfella) - ieee802154: Fix build error (Jinjie Ruan) - drivers: net: Fix Kconfig indentation, continued (Krzysztof Kozlowski) - Minor fixes to the CAIF Transport drivers Kconfig file (rd.dunlab@gmail.com) - ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [Orabug: 37264181] {CVE-2024-50179} - mailbox: bcm2835: Fix timeout during suspend mode (Stefan Wahren) [Orabug: 37206130] {CVE-2024-49963} - mailbox: rockchip: fix a typo in module autoloading (Liao Chen) - usb: yurex: Fix inconsistent locking bug in yurex_read() (Harshit Mogalapalli) - i2c: isch: Add missed 'else' (Andy Shevchenko) - i2c: aspeed: Update the stop sw state when the bus recovery occurs (Tommy Huang) - mm: only enforce minimum stack gap size if it's sensible (David Gow) - pps: add an error check in parport_attach (Ma Ke) - pps: remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - USB: misc: yurex: fix race between read and write (Oliver Neukum) - usb: yurex: Replace snprintf() with the safer scnprintf() variant (Lee Jones) - soc: versatile: realview: fix soc_dev leak during device remove (Krzysztof Kozlowski) - soc: versatile: realview: fix memory leak during device remove (Krzysztof Kozlowski) - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (Sean Anderson) - PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() (Thomas Gleixner) - ASoC: meson: axg-card: fix 'use-after-free' (Arseniy Krasnov) [Orabug: 37116540] {CVE-2024-46849} - ASoC: meson: axg: extract sound card utils (Jerome Brunet) - nfs: fix memory leak in error path of nfs4_do_reclaim (Li Lingfeng) - fs: Fix file_set_fowner LSM hook inconsistencies (Mickaël Salaün) - vfs: fix race between evice_inodes() and find_inode()&iput() (Julian Sun) [Orabug: 37200604]
{CVE-2024-47679} - hwrng: mtk - Use devm_pm_runtime_enable (Guoqing Jiang) - f2fs: avoid potential int overflow in sanity_check_area_boundary() (Nikita Zhandarovich) - f2fs: prevent possible int overflow in dir_block_index() (Nikita Zhandarovich) - debugobjects: Fix conditions in fill_pool() (Zhen Lei) - wifi: rtw88: 8822c: Fix reported RX band width (Bitterblue Smith) - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Werner Sembach) - ACPI: sysfs: validate return type of _STR method (Thomas Weißschuh) [Orabug: 37200878] {CVE-2024-49860} - drbd: Add NULL check for net_conf to prevent dereference in state validation (Mikhail Lobanov) - drbd: Fix atomicity violation in drbd_uuid_set_bm() (Qiu-ji Chen) - tty: rp2: Fix reset with non forgiving PCIe host bridges (Florian Fainelli) - firmware_loader: Block path traversal (Jann Horn) [Orabug: 37200802] {CVE-2024-47742} - USB: class: CDC-ACM: fix race between get_serial and set_serial (Oliver Neukum) - USB: misc: cypress_cy7c63: check for short transfer (Oliver Neukum) - USB: appledisplay: close race between probe and completion handler (Oliver Neukum) - drm/amd/display: Round calculated vtotal (Robin Chen) - soc: versatile: integrator: fix OF node leak in probe() error path (Krzysztof Kozlowski) - Remove *.orig pattern from .gitignore (Laurent Pinchart) - crypto: aead,cipher - zeroize key buffer after use (Hailey Mothershead) [Orabug: 36898014] {CVE-2024-42229} - netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS (Simon Horman) - net: qrtr: Update packets cloning when broadcasting (Youssef Samir) - tcp: check skb is non-NULL in tcp_rto_delta_us() (Josh Hunt) [Orabug: 37200624] {CVE-2024-47684} - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (Kaixin Wang) [Orabug: 37200818] {CVE-2024-47747} - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Eric Dumazet) [Orabug: 37200630] {CVE-2024-47685} - coresight: tmc: sg: Do not leak
sg_table (Suzuki K Poulose) - iio: adc: ad7606: fix standby gpio state to match the documentation (Guillaume Stols) - iio: adc: ad7606: fix oversampling gpio array (Guillaume Stols) - f2fs: reduce expensive checkpoint trigger frequency (Chao Yu) - f2fs: remove unneeded check condition in __f2fs_setxattr() (Chao Yu) - f2fs: fix to update i_ctime in __f2fs_setxattr() (Chao Yu) - f2fs: fix typo (Yonggil Song) - f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() (Chao Yu) - nfsd: return -EINVAL when namelen is 0 (Li Lingfeng) [Orabug: 37200650] {CVE-2024-47692} - nfsd: call cache_put if xdr_reserve_space returns NULL (Guoqing Jiang) [Orabug: 37200783] {CVE-2024-47737} - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (Jinjie Ruan) - RDMA/cxgb4: Added NULL check for lookup_atid (Mikhail Lobanov) [Orabug: 37200824] {CVE-2024-47749} - riscv: Fix fp alignment bug in perf_callchain_user() (Jinjie Ruan) - RDMA/hns: Optimize hem allocation performance (Junxian Huang) - watchdog: imx_sc_wdt: Don't disable WDT in suspend (Jonas Blixt) - pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function (Wang Jianzheng) - clk: ti: dra7-atl: Fix leak of of_nodes (David Lechner) - pinctrl: single: fix missing error code in pcs_probe() (Yang Yingliang) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Zhu Yanjun) [Orabug: 37205521] {CVE-2024-47696} - PCI: xilinx-nwl: Fix register misspelling (Sean Anderson) - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (Dan Carpenter) [Orabug: 37205560] {CVE-2024-47756} - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200662] {CVE-2024-47697} - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200669] {CVE-2024-47698} - clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 (Jonas Karlman) - perf time-utils: Fix 32-bit nsec parsing (Ian Rogers) - perf sched timehist: Fixed timestamp error
when unable to confirm event sched_in time (Yang Jihong) - perf sched timehist: Fix missing free of session in perf_sched__timehist() (Yang Jihong) - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (Daniel Borkmann) - nilfs2: fix potential oob read in nilfs_btree_check_delete() (Ryusuke Konishi) [Orabug: 37200843] {CVE-2024-47757} - nilfs2: determine empty node blocks as corrupted (Ryusuke Konishi) - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (Ryusuke Konishi) [Orabug: 37200676] {CVE-2024-47699} - ext4: avoid OOB when system.data xattr changes underneath the filesystem (Thadeu Lima de Souza Cascardo) [Orabug: 37200682] {CVE-2024-47701} - ext4: return error on ext4_find_inline_entry (Thadeu Lima de Souza Cascardo) - ext4: avoid negative min_clusters in find_group_orlov() (Kemeng Shi) - smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso (Jiawei Ye) - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (yangerkun) - jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() (Mauricio Faria de Oliveira) - kthread: fix task state in kthread worker if being frozen (Chen Yu) - kthread: add kthread_work tracepoints (Rob Clark) - xz: cleanup CRC32 edits from 2018 (Lasse Collin) - selftests/bpf: Fix error compiling test_lru_map.c (Tony Ambardar) - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (Tony Ambardar) - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (Tony Ambardar) - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (Tony Ambardar) - tpm: Clean up TPM space after command failure (Jonathan McDowell) [Orabug: 37200851] {CVE-2024-49851} - xen/swiotlb: add alignment check for dma buffers (Juergen Gross) - xen: use correct end address of kernel for conflict checking (Juergen Gross) - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (Yuesong Li) - drm/msm: fix %s null argument error (Sherry Yang) - ipmi: docs: don't advertise deprecated
sysfs entries (Wolfram Sang) - drm/msm/a5xx: fix races in preemption evaluation stage (Vladimir Lypak) - drm/msm/a5xx: properly clear preemption records on resume (Vladimir Lypak) - drm/msm/a5xx: disable preemption in submits by default (Vladimir Lypak) - drm/msm: Fix incorrect file name output in adreno_request_fw() (Aleksandr Mishin) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (Jeongjun Park) [Orabug: 37200741] {CVE-2024-47723} - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (Nikita Zhandarovich) - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (Jonas Karlman) - drm/rockchip: vop: Allow 4096px width scaling (Alex Bee) - drm/radeon: properly handle vbios fake edid sizing (Alex Deucher) - drm/radeon: Replace one-element array with flexible-array member (Paulo Miguel Almeida) - drm/amdgpu: properly handle vbios fake edid sizing (Alex Deucher) - drm/amdgpu: Replace one-element array with flexible-array member (Paulo Miguel Almeida) - drm/stm: Fix an error handling path in stm_drm_platform_probe() (Christophe JAILLET) - mtd: powernv: Add check devm_kasprintf() returned value (Charles Han) - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (Christophe JAILLET) - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (Artur Weber) - power: supply: axp20x_battery: Remove design from min and max voltage (Chris Morgan) - power: supply: axp20x_battery: allow disabling battery charging (Hermann Lauer) - hwmon: (ntc_thermistor) fix module autoloading (Yuntao Liu) - mtd: slram: insert break after errors in parsing the map (Mirsad Todorovac) - hwmon: (max16065) Fix overflows seen when writing limits (Guenter Roeck) - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (Ankit Agrawal) - reset: berlin: fix OF node leak in probe() error path (Krzysztof Kozlowski) - ARM: versatile: fix OF node leak in CPUs prepare (Krzysztof Kozlowski) - ARM: dts: imx7d-zii-rmu2: fix
Ethernet PHY pinctrl property (Krzysztof Kozlowski) - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (Andy Shevchenko) - spi: ppc4xx: handle irq_of_parse_and_map() errors (Ma Ke) - block, bfq: don't break merge chain in bfq_split_bfqq() (Yu Kuai) - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (Yu Kuai) - block, bfq: fix possible UAF for bfqq->bic with merge chain (Yu Kuai) - net: tipc: avoid possible garbage value (Su Hui) - Bluetooth: btusb: Fix not handling ZPL/short-transfer (Luiz Augusto von Dentz) - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (Kuniyuki Iwashima) [Orabug: 37205476] {CVE-2024-47709} - sock_map: Add a cond_resched() in sock_hash_free() (Eric Dumazet) [Orabug: 37200715] {CVE-2024-47710} - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (Jiawei Ye) [Orabug: 37205503] {CVE-2024-47712} - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (Dmitry Antipov) [Orabug: 37200721] {CVE-2024-47713} - mac80211: parse radiotap header when selecting Tx queue (Mathy Vanhoef) - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (Dmitry Antipov) - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (Dmitry Antipov) - netfilter: nf_tables: reject expiration higher than timeout (Pablo Neira Ayuso) - netfilter: nf_tables: reject element expiration with no timeout (Pablo Neira Ayuso) - netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire (Pablo Neira Ayuso) - can: j1939: use correct function name in comment (Zhang Changzhong) - mount: handle OOM on mnt_warn_timestamp_expiry (Olaf Hering) - fs/namespace: fnic: Switch to use %ptTd (Andy Shevchenko) - mount: warn only once about timestamp range expiration (Anthony Iliopoulos) - fs: explicitly unregister per-superblock BDIs (Christoph Hellwig) - wifi: ath9k: Remove error checks when creating debugfs entries (Toke Høiland-Jørgensen) - wifi: ath9k: fix parameter
check in ath9k_init_debug() (Minjie Du) - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (Aleksandr Mishin) - USB: usbtmc: prevent kernel-usb-infoleak (Edward Adam Davis) [Orabug: 37159778] {CVE-2024-47671} - USB: serial: pl2303: add device id for Macrosilicon MS3020 (Junhao Xie) - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches (Toke Høiland-Jørgensen) [Orabug: 36544917] {CVE-2024-26885} - inet: inet_defrag: prevent sk release while still in use (Florian Westphal) [Orabug: 36545060] {CVE-2024-26921} - gpio: prevent potential speculation leaks in gpio_device_get_desc() (Hagar Hemdan) [Orabug: 36993135] {CVE-2024-44931} - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 36891661] {CVE-2024-41016} - ocfs2: add bounds checking to ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 37159773] {CVE-2024-47670} - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (Michael Kelley) - spi: bcm63xx: Enable module autoloading (Liao Chen) - drm: komeda: Fix an issue related to normalized zpos (hongchi.peng) - ASoC: tda7419: fix module autoloading (Liao Chen) - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead (Emmanuel Grumbach) [Orabug: 37159781] {CVE-2024-47672} - wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (Daniel Gabay) - net: ftgmac100: Ensure tx descriptor updates are visible (Jacky Chou) - microblaze: don't treat zero reserved memory regions as error (Mike Rapoport) - pinctrl: at91: make it work with current gpiolib (Thomas Blocher) - ALSA: hda/realtek - FIxed ALC285 headphone no sound (Kailang Yang) - ALSA: hda/realtek - Fixed ALC256 headphone no sound (Kailang Yang) - ASoC: allow module autoloading for table db1200_pids (Hongbo Li) - soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" (Krzysztof Kozlowski) - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (Han Xu) [Orabug: 37116548] {CVE-2024-46853} -
net: dpaa: Pad packets to ETH_ZLEN (Sean Anderson) [Orabug: 37116551] {CVE-2024-46854} - net: ftgmac100: Enable TX interrupt to avoid TX timeout (Jacky Chou) - net/mlx5e: Add missing link modes to ptys2ethtool_map (Shahar Shitrit) - ice: fix accounting for filters shared by multiple VSIs (Jacob Keller) - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (Quentin Schulz) - scripts: kconfig: merge_config: config files: add a trailing newline (Anders Roxell) - net: phy: vitesse: repair vsc73xx autonegotiation (Pawel Dembicki) - net: ethernet: use ip_hdrlen() instead of bit shift (Moon Yeounsu) - usbnet: ipheth: fix carrier detection in modes 1 and 4 (Foster Snowhill) [5.4.17-2136.338.1.el8uek] - rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Håkon Bugge) [Orabug: 33387996] [5.4.17-2136.337.5.el8uek] - net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093177] [5.4.17-2136.337.4.el8uek] - ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199020] {CVE-2024-49958} - Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199020] - net/rds: Make send+receive IRQ assignments visible to user-space (Gerd Rausch) [Orabug: 36987151] - igb: Do not free the irq resources if they are already freed by igb_close() (Yifei Liu) [Orabug: 37005245] - A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 36579195] [5.4.17-2136.337.3.el8uek] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137548] {CVE-2024-49863} - rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37172717] - fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156523] - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683094] {CVE-2024-36028}
- uek: Disable /proc/uek under Xen and under non-Exadata systems (Konrad Rzeszutek Wilk) [Orabug: 37170992] - uek: Add force_noio runtime option. (Konrad Rzeszutek Wilk) [Orabug: 37145327] - treewide: Make the force_noio parameter be writable. (Konrad Rzeszutek Wilk) [Orabug: 37145327] - treewide: Sample foo_bar_force_noio before use (Håkon Bugge) [Orabug: 37145327] - workqueue: Add Oracle specific code to modify the flags of tasks. (Konrad Rzeszutek Wilk) [Orabug: 37145327] - net/mlx5: Free IRQ rmap and notifier on kernel shutdown (Saeed Mahameed) [Orabug: 36706485] - net/mlx5: Free irqs only on shutdown callback (Shay Drory) [Orabug: 36706485] - kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983478] - uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37097450] - RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100215] - net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104450] - net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099359] [5.4.17-2136.337.2.el8uek] - LTS tag: v5.4.284 (Sherry Yang) - Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" (Greg Kroah-Hartman) - cx82310_eth: fix error return code in cx82310_bind() (Zhang Changzhong) - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann) - rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116446] {CVE-2024-46829} - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko) - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko) - nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074465] {CVE-2024-46737} - arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116413] {CVE-2024-46822} - arm64:
acpi: Move get_cpu_for_acpi_id() to a header (James Morse) - ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron) - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron) - nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074677] {CVE-2024-46780} - nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang) - tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian) - ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() (Steven Rostedt (VMware)) - uprobes: Use kzalloc to allocate xol area (Sven Schnelle) - clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano) - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai) - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai) - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain) - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074473] {CVE-2024-46739} - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven) - binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074477] {CVE-2024-46740} - iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli) - iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner) - staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159728] {CVE-2024-47663} - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust) - ata: pata_macio: Use WARN instead of BUG (Michael Ellerman) - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159757] {CVE-2024-47668} - of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug:
37074488] {CVE-2024-46743} - Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074495] {CVE-2024-46744} - usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum) - Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074503] {CVE-2024-46745} - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074513] {CVE-2024-46747} - btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba) - PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074532] {CVE-2024-46750} - btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116494] {CVE-2024-46840} - btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik) - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang) - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074561] {CVE-2024-46755} - libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler) - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074566] {CVE-2024-46756} - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074571] {CVE-2024-46757} - hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074579] {CVE-2024-46758} - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074584] {CVE-2024-46759} - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074595] {CVE-2024-46761} - devres: Initialize an uninitialized struct member (Zijun Hu) - um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116518] {CVE-2024-46844} - cgroup: Protect css->cgroup write under css_set_lock (Waiman Long) - iommu/vt-d: Handle volatile descriptor status
read (Jacob Pan) - dm init: Handle minors larger than 255 (Benjamin Marzinski) - ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński) - net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki) - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski) - net: bridge: fdb: convert added_by_external_learn to use bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert added_by_user to bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert is_sticky to bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert is_static to bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert is_local to bitops (Nikolay Aleksandrov) - usbnet: modern method to get random MAC (Oliver Neukum) - net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski) - drivers/net/usb: Remove all strcpy() uses (Len Baker) - cx82310_eth: re-enable ethernet mode after router reboot (Ondrej Zary) - tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074693] {CVE-2024-46783} - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin) - can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074625] {CVE-2024-46771} - pcmcia: Use resource_size function on resource object (Jules Irenge) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni) - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159750] {CVE-2024-47667} - usb: uas: set host status byte on data completion error (Shantanu Goel) - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel) - udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074665] {CVE-2024-46777} - netfilter: nf_conncount: fix wrong variable type (Yunjian Wang) - af_unix: Remove put_pid()/put_cred() in copy_peercred().
(Kuniyuki Iwashima) - irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár) - smack: unix sockets: fix accept()ed socket label (Konstantin Andreev) - ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai) - nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159765] {CVE-2024-47669} - nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074684] {CVE-2024-46781} - sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116443] {CVE-2024-46828} - ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074689] {CVE-2024-46782} - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli) - clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli) - clk: hi6220: use CLK_OF_DECLARE_DRIVER (Peter Griffin) - reset: hi6220: Add support for AO reset controller (Peter Griffin) - fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn) - fuse: update stats for pages in dropped aux writeback list (Joanne Koong) - mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen) - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko) - irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke) - ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing) - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074722] {CVE-2024-46798} - sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074726] {CVE-2024-46800} - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald) - udf: Limit file size to 4TB (Jan Kara) - virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964474] {CVE-2024-43835} - net: set SOCK_RCU_FREE
before inserting socket into hashtable (Stanislav Fomichev) - block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964515] {CVE-2024-43854} - media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda) - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073032] {CVE-2024-46714} - wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg) - smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler) - usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073065] {CVE-2024-46719} - usbip: Don't submit special requests twice (Simon Holesch) - ionic: fix potential irq name truncation (Shannon Nelson) - apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073078] {CVE-2024-46721} - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen) - drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073083] {CVE-2024-46722} - drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073088] {CVE-2024-46723} - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu) - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116366] {CVE-2024-46815} - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116376] {CVE-2024-46817} - drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116385] {CVE-2024-46818} - drm/amdgpu: fix overflowed array index read warning (Tim Huang) - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun) - net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian) - i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald) - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller) - LTS tag: v5.4.283 (Sherry
Yang) - scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070700] {CVE-2024-46673} - net: dsa: mv8e6xxx: Fix stub function parameters (Andrew Lunn) - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu) - usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski) - usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070705] {CVE-2024-46674} - usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070710] {CVE-2024-46675} - usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski) - USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian) - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray) - soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk) - nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070717] {CVE-2024-46676} - nfc: pn533: Add autopoll capability (Lars Poeschel) - nfc: pn533: Add dev_up/dev_down hooks to phy_ops (Lars Poeschel) - net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet) - gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070722] {CVE-2024-46677} - ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070728] {CVE-2024-46679} - r8152: Factor out OOB link list waits (Prashant Malani) - soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski) - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964510] {CVE-2024-43853} - ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897457] {CVE-2024-41098} - media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda) - drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867631] {CVE-2024-41011} - wifi:
mwifiex: duplicate static structs used in driver instances (Sascha Hauer) - pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070744] {CVE-2024-46685} - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898009] {CVE-2024-42228} (Alexander Lobakin) - Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029137] {CVE-2024-45008} - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 36654191] {CVE-2023-31083} - mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten) - cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov) - HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou) - HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke) - Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992976] {CVE-2024-43884} - mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070691] {CVE-2024-45028} - drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov) - drm/msm: use drm_debug_enabled() to check for debug categories (Jani Nikula) - net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson) - net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson) - ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029076] {CVE-2024-44987} - netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070660] {CVE-2024-45016} - net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029082] {CVE-2024-44988} - net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean) - net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J.
Schultz) - net: dsa: mv88e6xxx: global1_atu: Add helper for get next (Andrew Lunn) - net: dsa: mv88e6xxx: global2: Expose ATU stats register (Andrew Lunn) - netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior) - kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013761] {CVE-2024-44946} - tc-testing: don't access non-existent variable on exception (Simon Horman) - Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz) - Bluetooth: hci_core: Fix not handling link timeouts propertly (Luiz Augusto von Dentz) - Bluetooth: Make use of __check_timeout on hci_sched_le (Luiz Augusto von Dentz) - dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka) - dm: do not use waitqueue for request-based DM (Ming Lei) - dm mpath: pass IO start time to path selector (Gabriel Krisman Bertazi) - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno) - block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa) - gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029111] {CVE-2024-44999} - hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang) - nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg) - ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li) - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang) - usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati) - s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev) - openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde) - NFS: avoid infinite loop in pnfs_update_layout. 
(NeilBrown) - nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke) - Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz) - nvme: clear caller pointer on identify failure (Keith Busch) - usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König) - f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu) - btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba) - btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba) - btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba) - btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba) - powerpc/boot: Only free if realloc() succeeds (Michael Ellerman) - powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming) - parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller) - x86: Increase brk randomness entropy for 64-bit systems (Kees Cook) - md: clean up invalid BUG_ON in md_ioctl (Li Nan) - virtiofs: forbid newlines in tags (Stefan Hajnoczi) - drm/lima: set gp bus_stop bit before hard reset (Erico Nunes) - net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook) - scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee) - fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov) - media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil) - quota: Remove BUG_ON from dqget() (Jan Kara) - ext4: do not trim the group with corrupted block bitmap (Baokun Li) - nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner) - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye) - wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit) - gfs2: setattr_chown: Add missing initialization (Andreas
Gruenbacher) - scsi: spi: Fix sshdr use (Mike Christie) - binfmt_misc: cleanup on filesystem umount (Christian Brauner) - staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye) - media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil) - i2c: riic: avoid potential division by zero (Wolfram Sang) - wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson) - ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb) - net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029098] {CVE-2024-44995} - net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki) - net: axienet: Fix register defines comment description (Radhey Shyam Pandey) - net: axienet: Autodetect 64-bit DMA capability (Andre Przywara) - net: axienet: Upgrade descriptors to hold 64-bit addresses (Andre Przywara) - net: axienet: Wrap DMA pointer writes to prepare for 64 bit (Andre Przywara) - net: axienet: Drop MDIO interrupt registers from ethtools dump (Andre Przywara) - net: axienet: Check for DMA mapping errors (Andre Przywara) - net: axienet: Factor out TX descriptor chain cleanup (Andre Przywara) - net: axienet: Improve DMA error handling (Andre Przywara) - net: axienet: Fix DMA descriptor cleanup path (Andre Przywara) - atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029105] {CVE-2024-44998} - net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu) - s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda) - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin) - overflow: Implement size_t saturating arithmetic helpers (Kees Cook) - overflow.h: Add flex_array_size() helper (Gustavo A. R. Silva) - memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070672] {CVE-2024-45021} - drm/amdgpu: Actually check flags for all context ops.
(Bas Nieuwenhuizen) - selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei) - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070680] {CVE-2024-45025} - bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin) - vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029119] {CVE-2024-45003} - dm persistent data: fix memory allocation failure (Mikulas Patocka) - dm resume: don't return EINVAL when signalled (Khazhismel Kumykov) - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu) - s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070687] {CVE-2024-45026} - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029125] {CVE-2024-45006} - ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda) - fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017951] {CVE-2024-44947} [5.4.17-2136.337.1.el8uek] - wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) [Orabug: 36596766] {CVE-2024-26951} - xsigo: add prefix xve/xsvnic with gro and __path_find (Alok Tiwari) [Orabug: 37089693] El-errata mailing list https://oss.oracle.com/mailman/listinfo/el-errata . Critical security patch released for the Oracle Linux kernel, focusing on various bugs and weaknesses. Oracle Linux Security, Kernel Updates, Important Security Updates, Oracle Advisory. Severity: Critical. LinuxSecurity.com Team

Dec 17, 2024 Critical Oracle

SUSE: 2024:4006-1 critical: Security Updates for Manager 4.3

# Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2024:4006-1 Release Date: 2024-11-18T13:20:05Z Rating: critical References: * bsc#1146701 * bsc#1211899 * bsc#1212985 * bsc#1217003 * bsc#1217338 * bsc#1217978 * bsc#1218090 * bsc#1219450 * bsc#1219645 * bsc#1219887 * bsc#1221435 * bsc#1221505 * bsc#1223312 * bsc#1223988 * bsc#1224108 * bsc#1224209 * bsc#1225603 * bsc#1225619 * bsc#1225960 * bsc#1226090 * bsc#1226439 * bsc#1226461 * bsc#1226478 * bsc#1226687 * bsc#1226917 * bsc#1227133 * bsc#1227334 * bsc#1227406 * bsc#1227526 * bsc#1227543 * bsc#1227599 * bsc#1227606 * bsc#1227746 * bsc#1228036 * bsc#1228101 * bsc#1228130 * bsc#1228147 * bsc#1228286 * bsc#1228326 * bsc#1228345 * bsc#1228412 * bsc#1228545 * bsc#1228638 * bsc#1228851 * bsc#1228945 * bsc#1229079 * bsc#1229178 * bsc#1229260 * bsc#1229339 * bsc#1231332 * bsc#1231852 * bsc#1231900 * bsc#1231922 * jsc#MSQA-863 Cross-References: * CVE-2024-47533 * CVE-2024-49502 * CVE-2024-49503 CVSS scores: * CVE-2024-47533 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49502 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-49502 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N * CVE-2024-49503 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-49503 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 *
SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves three vulnerabilities, contains one feature and has 50 security fixes can now be installed. 
## Security update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: mgr-daemon: * Version 4.3.11-0 * Update translation strings spacecmd: * Version 4.3.29-0 * Speed up softwarechannel_removepackages (bsc#1227606) spacewalk-backend: * Version 4.3.30-0 * Make ISSv1 timezone independent (bsc#1221505) * reposync: introduce timeout when syncing DEB channels (bsc#1225960) * yum_src: use proper name variable name for subprocess.TimeoutExpired * Check and populate PTF attributes at the time of importing packages (bsc#1225619) * reposync: import GPG keys to RPM DB individually (bsc#1217003) * Add log string to the journal when services are stopped because of insufficient disk space spacewalk-certs-tools: * Version 4.3.26-0 * Fix private key format in jabberd certificate file (bsc#1228851) * Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079) * Support multiple certificates for root-ca-file and server-cert-file spacewalk-client-tools: * Version 4.3.21-0 * Update translation strings spacewalk-proxy: * Version 4.3.19-0 * Allow execute of ssh-keygen command on the Proxy to clean up SSH known_hosts (bsc#1228345) spacewalk-web: * Security issues fixed: * Version 4.3.42-0 * CVE-2024-49503: Escape organization credentials username to mitigate XSS vulnerability (bsc#1231922) * Version 4.3.41-0 * CVE-2024-49502: Validate proxy hostname format and escape proxy username to mitigate XSS vulnerabilities (bsc#1231852) * Bugs fixed: * Version 4.3.40-0 * Fix channel selection using SSM (bsc#1226917) * Fix datetime selection when using maintenance windows (bsc#1228036) susemanager-build-keys: * Extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028.
(bsc#1229339) uyuni-common-libs: * Version 4.3.11-0 * Enforce directory permissions at repo-sync when creating directories (bsc#1229260) * Make ISSv1 timezone independent (bsc#1221505) uyuni-proxy-systemd-services: * version 4.3.14-0 * Update to SUSE Manager 4.3.14 How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: cobbler: * Security issues fixed: * CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332) * Other bugs fixed: * Increase start timeout for cobblerd unit (bsc#1219450) * Provide sync_single_system for DHCP modules to improve performance (bsc#1219450) * Add input_string_*, input_boolean, input_int functions to public API * Add new setting for Uyuni authentication endpoint (bsc#1219887) grafana-formula: * Version 0.11.0 * Add SLES 15 SP6 to supported versions (bsc#1228286) inter-server-sync: * Version 0.3.5-0 * Decode boolean values for export (bsc#1228545) saltboot-formula: * Update to version 0.1.1723628891.ffb1da5 * Rework request stop function to avoid unnecessary warnings (bsc#1212985) spacecmd: * Version 4.3.29-0 * Speed up softwarechannel_removepackages (bsc#1227606) spacewalk-backend: * Version 4.3.30-0 * Make ISSv1 timezone independent (bsc#1221505) * reposync: introduce timeout when syncing DEB channels (bsc#1225960) * yum_src: use proper name variable name for subprocess.TimeoutExpired * Check and populate PTF attributes at the time of importing packages (bsc#1225619) * reposync: import GPG keys to RPM DB individually (bsc#1217003) * Add log string to the journal when services are stopped because of insufficient disk space spacewalk-certs-tools: * Version 4.3.26-0 * Fix private key format in jabberd
certificate file (bsc#1228851) * Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079) * Support multiple certificates for root-ca-file and server-cert-file spacewalk-client-tools: * Version 4.3.21-0 * Update translation strings spacewalk-config: * Version 4.3.14-0 * Trust the Content-Length header from AJP (bsc#1226439) spacewalk-java: * Version 4.3.82-0 * Limit frontend-log message size (bsc#1231900) * Version 4.3.81-0 * Add detection of Ubuntu 24.04 * Version 4.3.80-0 * Use custom select instead of errata view for better performance (bsc#1225619) * Version 4.3.79-0 * Add info URL for cobbler to clean the system profile (bsc#1219645) * Require correct scap packages for Ubuntu * Require correct scap packages for Debian 12 (bsc#1227746) * Fix finding system_checkin_threshold configuration value on Systems Overview page (bsc#1224108) * Allow changing base channel to SUSE Liberty Linux LTSS when the system is on Liberty (bsc#1228326) * Implement product migration from RHEL and Clones to SUSE Liberty Linux * Remove system also from proxy SSH known_hosts (bsc#1228345) * Fix NullPointerException when generating subscription matcher input (bsc#1228638) * Allow free products and SUSE Manager Proxy being managed by SUSE Manager Server PAYG * Open bootstrap script directory URL in a new page (bsc#1225603) * Delay package list refresh when Salt was updated (bsc#1217978) * Add SLE Micro 5 to the list of systems which support monitoring (bsc#1227334) * Add all SLE Micro systems to the list of systems which get PTF repositories * Update last sync refresh timestamp only when at least one time products were synced before * Prevent NullPointerException when listing history events without completion time (bsc#1146701) * Autoinstallation: prevent issues with duplicate IP address due to some networks (bsc#1226461) * Improve SQL queries and performance to check for PTF packages (bsc#1225619) * Check the correct Salt package before product migration (bsc#1224209)
* Fix the date format output when using the HTTP API to use ISO 8601 format (bsc#1227543) * Fix transactional update check for SL Micro (bsc#1227406) * Improve score comparison in system search to fix ISE (bsc#1228412) * Fix package profile update on CentOS 7 when yum-utils is not installed (bsc#1227133) spacewalk-utils: * Version 4.3.22-0 * Add repositories for Ubuntu 24.04 LTS * Version 4.3.21-0 * Drop unsupported tool spacewalk-final-archive as it is broken and may disclose sensitive information (bsc#1228945) spacewalk-web: * Security issues fixed: * Version 4.3.42-0 * CVE-2024-49503: Escape organization credentials username to mitigate XSS vulnerability (bsc#1231922) * Version 4.3.41-0 * CVE-2024-49502: Validate proxy hostname format and escape proxy username to mitigate XSS vulnerabilities (bsc#1231852) * Bugs fixed: * Version 4.3.40-0 * Fix channel selection using SSM (bsc#1226917) * Fix datetime selection when using maintenance windows (bsc#1228036) susemanager: * Version 4.3.39-0 * Enable bootstrapping for Ubuntu 24.04 LTS * Version 4.3.38-0 * Add missing package python3-ply to bootstrap repo definition (bsc#1228130) * Create special bootstrap data for SUSE Manager Server 4.3 with LTSS updates for Hub scenario (bsc#1211899) * Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data * Add traditional stack to bootstrap repo on sles15sp6 (bsc#1228147) * Change package to libdbus-glib-1-2 on sle15sp6 (bsc#1228147) susemanager-build-keys: * Extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028.
(bsc#1229339) susemanager-docs_en: * Documented Ubuntu 24.04 LTS as a supported client OS in Client * SUSE Manager 4.3.14 documentation update * In network ports section, deleted partially outdated image, added port 443 for clients, and removed Cobbler only used internally (bsc#1217338) * Added installer-updates.suse.com to the list of URLs in Installation and Upgrade Guide (bsc#1229178) * Enhanced instructions about the permissions for the IAM role in Public Cloud Guide * Fixed OS minor number in Client Configuration Guide (bsc#1218090) * Added warning about Package Hub(bsc#1221435) * Removed Verify Packages section from Package Management chapter in Client Configuration Guide * Added note about usernames in PAM section in Administration Guide (bsc#1227599) * Updated Content Lifecycle Management (CLM) examples for Red Hat Enterprise Linux 9 (bsc#1226687) * Added VM based proxy installation in Installation and Upgrade Guide * Fixed PostgreSQL name entity * Improved Large Deployments Guide with better tuning values and extra parameters added * Updated lists of SUSE Linux Enterprise hardening profiles in openSCAP chapter in the Administration Guide susemanager-schema: * Version 4.3.27-0 * Introduce new attributes to detect PTF packages (bsc#1225619) susemanager-sls: * Version 4.3.45-0 * Start using DEB822 format for repository sources beginning with Ubuntu 24.04 * Version 4.3.44-0 * Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312) * Implement product migration from RHEL and clones to SUSE Liberty Linux * Disable transactional-update.timer on SLEM at bootstrap * Explicitly remove old venv-minion environment when updating Python versions * sumautil: properly detect bridge interfaces (bsc#1226461) * Fix typo on directories to clean up when deleting a system (bsc#1228101) * Translate GPG URL if it has server name and client behind proxy (bsc#1223988) * Fix yum-utils package missing on CentOS7 minions (bsc#1227133) * Implement IMDSv2 for AWS instance detection 
(bsc#1226090) * Fix package profile update on CentOS 7 when yum-utils is not installed (bsc#1227133) * Fix parsing passwords with special characters for PostgreSQL exporter susemanager-sync-data: * Version 4.3.21-0 * Add SLES15-SP5-LTSS channel families * Add MicroOS PPC channel family * Version 4.3.20-0 * Add Ubuntu 24.04 support * Version 4.3.19-0 * Fix CentOS 7 repo urls (bsc#1227526) * Add channel family for SLES 12 SP5 LTSS Extended Security * Implement product migration from RHEL and clones to SUSE LibertyLinux uyuni-common-libs: * Version 4.3.11-0 * Enforce directory permissions at repo-sync when creating directories (bsc#1229260) * Make ISSv1 timezone independent (bsc#1221505) uyuni-reportdb-schema: * Version 4.3.11-0 * Change Errata CVE column to type text as a varchar reaches the maximum (bsc#1226478) How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for SUSE Manager Client Tools ### Description: This update fixes the following issues: uyuni-proxy-systemd-services: * version 4.3.14-0 * Update to SUSE Manager 4.3.14 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for SLE Micro 5
  `zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2024-4006=1`
* SUSE Manager Proxy 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-4006=1`
* SUSE Manager Server 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-4006=1`
* SUSE Manager Client Tools for SLE 15
  `zypper in -t patch SUSE-SLE-Manager-Tools-15-2024-4006=1`

## Package List:

* SUSE Manager Client Tools for SLE Micro 5 (noarch)
  * uyuni-proxy-systemd-services-4.3.14-150000.1.27.4
* SUSE Manager Proxy 4.3 Module 4.3 (noarch)
  * spacewalk-proxy-redirect-4.3.19-150400.3.29.9
  * python3-spacewalk-certs-tools-4.3.26-150400.3.36.7
  * spacewalk-proxy-package-manager-4.3.19-150400.3.29.9
  * spacewalk-client-tools-4.3.21-150400.3.33.11
  * uyuni-proxy-systemd-services-4.3.14-150000.1.27.4
  * mgr-daemon-4.3.11-150400.3.21.6
  * spacewalk-base-minimal-4.3.42-150400.3.52.1
  * spacewalk-backend-4.3.30-150400.3.47.16
  * spacecmd-4.3.29-150400.3.42.8
  * spacewalk-proxy-salt-4.3.19-150400.3.29.9
  * python3-spacewalk-client-setup-4.3.21-150400.3.33.11
  * python3-spacewalk-client-tools-4.3.21-150400.3.33.11
  * spacewalk-certs-tools-4.3.26-150400.3.36.7
  * spacewalk-client-setup-4.3.21-150400.3.33.11
  * spacewalk-proxy-common-4.3.19-150400.3.29.9
  * susemanager-build-keys-15.4.10-150400.3.29.4
  * spacewalk-proxy-broker-4.3.19-150400.3.29.9
  * susemanager-build-keys-web-15.4.10-150400.3.29.4
  * python3-spacewalk-check-4.3.21-150400.3.33.11
  * spacewalk-proxy-management-4.3.19-150400.3.29.9
  * spacewalk-check-4.3.21-150400.3.33.11
  * spacewalk-base-minimal-config-4.3.42-150400.3.52.1
* SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
  * python3-uyuni-common-libs-4.3.11-150400.3.21.6
* SUSE Manager Server 4.3 Module 4.3 (noarch)
  * spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16
  * spacewalk-taskomatic-4.3.82-150400.3.96.1
  * spacewalk-backend-sql-4.3.30-150400.3.47.16
  * spacewalk-java-4.3.82-150400.3.96.1
  * susemanager-schema-utility-4.3.27-150400.3.45.11
  * spacewalk-backend-config-files-common-4.3.30-150400.3.47.16
  * susemanager-schema-4.3.27-150400.3.45.11
  * python3-spacewalk-certs-tools-4.3.26-150400.3.36.7
  * spacewalk-backend-applet-4.3.30-150400.3.47.16
  * spacewalk-java-postgresql-4.3.82-150400.3.96.1
  * spacewalk-backend-server-4.3.30-150400.3.47.16
  * spacewalk-client-tools-4.3.21-150400.3.33.11
  * susemanager-docs_en-pdf-4.3.14-150400.9.66.2
  * susemanager-docs_en-4.3.14-150400.9.66.2
  * spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16
  * spacewalk-backend-package-push-server-4.3.30-150400.3.47.16
  * spacewalk-base-minimal-4.3.42-150400.3.52.1
  * spacewalk-backend-config-files-4.3.30-150400.3.47.16
  * spacewalk-backend-4.3.30-150400.3.47.16
  * spacecmd-4.3.29-150400.3.42.8
  * spacewalk-base-4.3.42-150400.3.52.1
  * python3-spacewalk-client-tools-4.3.21-150400.3.33.11
  * spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16
  * spacewalk-certs-tools-4.3.26-150400.3.36.7
  * spacewalk-backend-iss-export-4.3.30-150400.3.47.16
  * spacewalk-html-4.3.42-150400.3.52.1
  * susemanager-build-keys-15.4.10-150400.3.29.4
  * saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4
  * spacewalk-utils-4.3.22-150400.3.29.2
  * susemanager-build-keys-web-15.4.10-150400.3.29.4
  * spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16
  * spacewalk-java-config-4.3.82-150400.3.96.1
  * susemanager-sls-4.3.45-150400.3.55.4
  * spacewalk-java-lib-4.3.82-150400.3.96.1
  * spacewalk-backend-app-4.3.30-150400.3.47.16
  * uyuni-config-modules-4.3.45-150400.3.55.4
  * spacewalk-backend-iss-4.3.30-150400.3.47.16
  * spacewalk-utils-extras-4.3.22-150400.3.29.2
  * cobbler-3.3.3-150400.5.52.3
  * spacewalk-backend-tools-4.3.30-150400.3.47.16
  * susemanager-sync-data-4.3.21-150400.3.35.2
  * uyuni-reportdb-schema-4.3.11-150400.3.18.12
  * spacewalk-base-minimal-config-4.3.42-150400.3.52.1
  * spacewalk-config-4.3.14-150400.3.18.6
  * grafana-formula-0.11.0-150400.3.21.4
* SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
  * susemanager-4.3.39-150400.3.58.5
  * inter-server-sync-0.3.5-150400.3.36.13
  * python3-uyuni-common-libs-4.3.11-150400.3.21.6
  * susemanager-tools-4.3.39-150400.3.58.5
  * inter-server-sync-debuginfo-0.3.5-150400.3.36.13
* SUSE Manager Client Tools for SLE 15 (noarch)
  * uyuni-proxy-systemd-services-4.3.14-150000.1.27.4

## References:

* https://www.suse.com/security/cve/CVE-2024-47533.html
* https://www.suse.com/security/cve/CVE-2024-49502.html
* https://www.suse.com/security/cve/CVE-2024-49503.html
* https://bugzilla.suse.com/show_bug.cgi?id=1146701
* https://bugzilla.suse.com/show_bug.cgi?id=1211899
* https://bugzilla.suse.com/show_bug.cgi?id=1212985
* https://bugzilla.suse.com/show_bug.cgi?id=1217003
* https://bugzilla.suse.com/show_bug.cgi?id=1217338
* https://bugzilla.suse.com/show_bug.cgi?id=1217978
* https://bugzilla.suse.com/show_bug.cgi?id=1218090
* https://bugzilla.suse.com/show_bug.cgi?id=1219450
* https://bugzilla.suse.com/show_bug.cgi?id=1219645
* https://bugzilla.suse.com/show_bug.cgi?id=1219887
* https://bugzilla.suse.com/show_bug.cgi?id=1221435
* https://bugzilla.suse.com/show_bug.cgi?id=1221505
* https://bugzilla.suse.com/show_bug.cgi?id=1223312
* https://bugzilla.suse.com/show_bug.cgi?id=1223988
* https://bugzilla.suse.com/show_bug.cgi?id=1224108
* https://bugzilla.suse.com/show_bug.cgi?id=1224209
* https://bugzilla.suse.com/show_bug.cgi?id=1225603
* https://bugzilla.suse.com/show_bug.cgi?id=1225619
* https://bugzilla.suse.com/show_bug.cgi?id=1225960
* https://bugzilla.suse.com/show_bug.cgi?id=1226090
* https://bugzilla.suse.com/show_bug.cgi?id=1226439
* https://bugzilla.suse.com/show_bug.cgi?id=1226461
* https://bugzilla.suse.com/show_bug.cgi?id=1226478
* https://bugzilla.suse.com/show_bug.cgi?id=1226687
* https://bugzilla.suse.com/show_bug.cgi?id=1226917
* https://bugzilla.suse.com/show_bug.cgi?id=1227133
* https://bugzilla.suse.com/show_bug.cgi?id=1227334
* https://bugzilla.suse.com/show_bug.cgi?id=1227406
* https://bugzilla.suse.com/show_bug.cgi?id=1227526
* https://bugzilla.suse.com/show_bug.cgi?id=1227543
* https://bugzilla.suse.com/show_bug.cgi?id=1227599
* https://bugzilla.suse.com/show_bug.cgi?id=1227606
* https://bugzilla.suse.com/show_bug.cgi?id=1227746
* https://bugzilla.suse.com/show_bug.cgi?id=1228036
* https://bugzilla.suse.com/show_bug.cgi?id=1228101
* https://bugzilla.suse.com/show_bug.cgi?id=1228130
* https://bugzilla.suse.com/show_bug.cgi?id=1228147
* https://bugzilla.suse.com/show_bug.cgi?id=1228286
* https://bugzilla.suse.com/show_bug.cgi?id=1228326
* https://bugzilla.suse.com/show_bug.cgi?id=1228345
* https://bugzilla.suse.com/show_bug.cgi?id=1228412
* https://bugzilla.suse.com/show_bug.cgi?id=1228545
* https://bugzilla.suse.com/show_bug.cgi?id=1228638
* https://bugzilla.suse.com/show_bug.cgi?id=1228851
* https://bugzilla.suse.com/show_bug.cgi?id=1228945
* https://bugzilla.suse.com/show_bug.cgi?id=1229079
* https://bugzilla.suse.com/show_bug.cgi?id=1229178
* https://bugzilla.suse.com/show_bug.cgi?id=1229260
* https://bugzilla.suse.com/show_bug.cgi?id=1229339
* https://bugzilla.suse.com/show_bug.cgi?id=1231332
* https://bugzilla.suse.com/show_bug.cgi?id=1231852
* https://bugzilla.suse.com/show_bug.cgi?id=1231900
* https://bugzilla.suse.com/show_bug.cgi?id=1231922
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-863&page_caps=&user_role=

The latest SUSE Manager 4.3 update introduces essential enhancements and security remedies affecting numerous modules throughout both the server and proxy environments.

SUSE Manager, Security Patch, XSS Attack, Server Update, Maintenance Release.

Severity: Critical. LinuxSecurity.com Team

Nov 18, 2024 Critical SuSE

SUSE: 2023:3474-1 Important Update – DoS Issue Resolved in Manager 4.2

# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-SU-2023:3474-1

Rating: important

References:

* bsc#1175823
* bsc#1208528
* bsc#1208577
* bsc#1209156
* bsc#1210103
* bsc#1210994
* bsc#1211100
* bsc#1211469
* bsc#1211650
* bsc#1211884
* bsc#1212032
* bsc#1212106
* bsc#1212416
* bsc#1212507
* bsc#1212589
* bsc#1212700
* bsc#1212943
* bsc#1213880
* bsc#1214187
* bsc#1214333
* jsc#MSQA-698

Cross-References:

* CVE-2023-29409

CVSS scores:

* CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-29409 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2

An update that solves one vulnerability, contains one feature and has 19 security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

### Description:

This update fixes the following issues:

spacecmd:

* Version 4.2.24-1
* Update translations

spacewalk-backend:

* Version 4.2.29-1
* Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-web:

* Version 4.2.36-1
* Update translations
* Fix VHM CPU and RAM display when 0 (bsc#1175823)
* Fix parsing error when showing notification message details (bsc#1211469)

How to apply this update:

1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`

## Recommended update for SUSE Manager Server 4.2

### Description:

This update fixes the following issues:

hub-xmlrpc-api:

* Security fix:
* CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880)
* There are no direct source changes. The CVE on hub-xmlrpc-api is fixed by rebuilding the sources with the patched Go version.

spacecmd:

* Version 4.2.24-1
* Update translations

spacewalk-backend:

* Version 4.2.29-1
* Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-java:

* Version 4.2.55-1
* Set swap memory value if available
* Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)
* Version 4.2.54-1
* Consider venv-salt-minion package update as a Salt update to prevent backtraces on upgrading salt with itself (bsc#1211884)
* Version 4.2.53-1
* Fix "more then one method candidate found" for API function (bsc#1211100)
* Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power Management Management/Operations on SSM -> Provisioning
* Update copyright year (bsc#1212106)
* Disable jinja processing for the roster file (bsc#1211650)
* Version 4.2.52-1
* Update jetty-util to version 9.4.51
* Version 4.2.51-1
* Update version of Tomcat build dependencies

spacewalk-reports:

* Version 4.2.8-1
* Drop Python2 compatibility (bsc#1212589)

spacewalk-setup:

* Version 4.2.13-1
* Drop usage of salt.ext.six in embedded_diskspace_check

spacewalk-utils:

* Version 4.2.20-1
* Drop Python2 compatibility

spacewalk-web:

* Version 4.2.36-1
* Update translation
* Fix VHM CPU and RAM display when 0 (bsc#1175823)
* Fix parsing error when showing notification message details (bsc#1211469)

susemanager:

* Version 4.2.44-1
* Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE Manager Proxy 4.2 (bsc#1214187)
* Version 4.2.43-1
* Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)
* Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994)

susemanager-doc-indexes:

* Typo correction for Cobbler buildiso command in Client Configuration Guide
* Replaced plain text with dedicated attribute for AutoYaST
* Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
* Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
* Fixed missing tables of content in the Reference Guide (bsc#1208577)
* Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
* Removed reference to non-existent files in Reference Guide (bsc#1208528)

susemanager-docs_en:

* Typo correction for Cobbler buildiso command in Client Configuration Guide
* Replaced plain text with dedicated attribute for AutoYaST
* Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
* Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
* Fixed missing tables of content in the Reference Guide (bsc#1208577)
* Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
* Removed reference to non-existent files in Reference Guide (bsc#1208528)

susemanager-schema:

* Version 4.2.29-1
* Add schema directory for susemanager-schema-4.2.29

susemanager-sls:

* Version 4.2.35-1
* Do not disable salt-minion on salt-ssh managed clients
* Use venv-salt-minion instead of salt for docker states (bsc#1212416)

How to apply this update:

1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1`
* SUSE Manager Server 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1`

## Package List:

* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
  * spacewalk-backend-4.2.29-150300.4.44.5
  * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
  * spacecmd-4.2.24-150300.4.42.3
  * spacewalk-base-minimal-4.2.36-150300.3.47.5
* SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
  * inter-server-sync-debuginfo-0.3.0-150300.8.36.1
  * susemanager-4.2.44-150300.3.59.1
  * hub-xmlrpc-api-0.7-150300.3.14.2
  * inter-server-sync-0.3.0-150300.8.36.1
  * susemanager-tools-4.2.44-150300.3.59.1
* SUSE Manager Server 4.2 Module 4.2 (noarch)
  * spacewalk-java-lib-4.2.55-150300.3.73.2
  * spacewalk-backend-package-push-server-4.2.29-150300.4.44.5
  * spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5
  * spacewalk-base-minimal-4.2.36-150300.3.47.5
  * spacewalk-utils-extras-4.2.20-150300.3.27.3
  * spacewalk-setup-4.2.13-150300.3.21.3
  * spacewalk-backend-iss-4.2.29-150300.4.44.5
  * spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5
  * spacewalk-html-4.2.36-150300.3.47.5
  * spacewalk-java-4.2.55-150300.3.73.2
  * susemanager-doc-indexes-4.2-150300.12.48.5
  * spacewalk-utils-4.2.20-150300.3.27.3
  * spacewalk-backend-4.2.29-150300.4.44.5
  * spacewalk-base-4.2.36-150300.3.47.5
  * spacewalk-backend-tools-4.2.29-150300.4.44.5
  * spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5
  * susemanager-sls-4.2.35-150300.3.54.3
  * spacecmd-4.2.24-150300.4.42.3
  * spacewalk-java-config-4.2.55-150300.3.73.2
  * susemanager-schema-4.2.29-150300.3.41.5
  * spacewalk-backend-server-4.2.29-150300.4.44.5
  * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
  * spacewalk-backend-sql-4.2.29-150300.4.44.5
  * spacewalk-backend-applet-4.2.29-150300.4.44.5
  * spacewalk-backend-config-files-4.2.29-150300.4.44.5
  * susemanager-docs_en-pdf-4.2-150300.12.48.3
  * susemanager-docs_en-4.2-150300.12.48.3
  * spacewalk-java-postgresql-4.2.55-150300.3.73.2
  * spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5
  * spacewalk-backend-app-4.2.29-150300.4.44.5
  * spacewalk-reports-4.2.8-150300.3.12.3
  * spacewalk-backend-iss-export-4.2.29-150300.4.44.5
  * uyuni-config-modules-4.2.35-150300.3.54.3
  * spacewalk-taskomatic-4.2.55-150300.3.73.2
  * spacewalk-backend-config-files-common-4.2.29-150300.4.44.5

## References:

* https://www.suse.com/security/cve/CVE-2023-29409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1175823
* https://bugzilla.suse.com/show_bug.cgi?id=1208528
* https://bugzilla.suse.com/show_bug.cgi?id=1208577
* https://bugzilla.suse.com/show_bug.cgi?id=1209156
* https://bugzilla.suse.com/show_bug.cgi?id=1210103
* https://bugzilla.suse.com/show_bug.cgi?id=1210994
* https://bugzilla.suse.com/show_bug.cgi?id=1211100
* https://bugzilla.suse.com/show_bug.cgi?id=1211469
* https://bugzilla.suse.com/show_bug.cgi?id=1211650
* https://bugzilla.suse.com/show_bug.cgi?id=1211884
* https://bugzilla.suse.com/show_bug.cgi?id=1212032
* https://bugzilla.suse.com/show_bug.cgi?id=1212106
* https://bugzilla.suse.com/show_bug.cgi?id=1212416
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1212589
* https://bugzilla.suse.com/show_bug.cgi?id=1212700
* https://bugzilla.suse.com/show_bug.cgi?id=1212943
* https://bugzilla.suse.com/show_bug.cgi?id=1213880
* https://bugzilla.suse.com/show_bug.cgi?id=1214187
* https://bugzilla.suse.com/show_bug.cgi?id=1214333

Essential upkeep notification for SUSE Manager 4.2 tackles significant concerns and patch updates for security vulnerabilities.

SUSE Manager 4.2, security fix, maintenance update.

Severity: Important. LinuxSecurity.com Team

Feb 27, 2024 Important SuSE