Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in SQLite.. ========================================================================== Ubuntu Security Notice USN-8480-1 June 29, 2026 sqlite3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in SQLite. Software Description: - sqlite3: C library that implements an SQL database engine Details: It was discovered that SQLite incorrectly handled certain memory operations in the FTS5 full-text search extension. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libsqlite3-0 3.46.1-9ubuntu0.1 Ubuntu 25.10 libsqlite3-0 3.46.1-8ubuntu0.1 Ubuntu 24.04 LTS libsqlite3-0 3.45.1-1ubuntu2.6 Ubuntu 22.04 LTS libsqlite3-0 3.37.2-2ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8480-1 CVE-2026-11822, CVE-2026-11824 Package Information: https://launchpad.net/ubuntu/+source/sqlite3/3.46.1-9ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.46.1-8ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.45.1-1ubuntu2.6 https://launchpad.net/ubuntu/+source/sqlite3/3.37.2-2ubuntu0.6 . Several security issues addressed in SQLite may lead to crashes or unauthorized code execution. Update required for Ubuntu.. SQLite Security Update, Denial Of Service, Ubuntu Security Advisory. . Severity: Important. LinuxSecurity.com Team
An update that solves four vulnerabilities can now be installed.. # Security update for xkbcomp Announcement ID: SUSE-SU-2026:20186-1 Release Date: 2026-01-28T15:47:30Z Rating: low References: * bsc#1105832 Cross-References: * CVE-2018-15853 * CVE-2018-15859 * CVE-2018-15861 * CVE-2018-15863 CVSS scores: * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves four vulnerabilities can now be installed. ## Description: This update for xkbcomp fixes the following issues: * CVE-2018-15863, CVE-2018-15861, CVE-2018-15859, CVE-2018-15853: Fixed multiple memory handling and correctness issues (bsc#1105832) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-208=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-208=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * xkbcomp-debuginfo-1.4.7-160000.3.1 * xkbcomp-1.4.7-160000.3.1 * xkbcomp-devel-1.4.7-160000.3.1 * xkbcomp-debugsource-1.4.7-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * xkbcomp-debuginfo-1.4.7-160000.3.1 * xkbcomp-1.4.7-160000.3.1 * xkbcomp-devel-1.4.7-160000.3.1 * xkbcomp-debugsource-1.4.7-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2018-15853.html * https://www.suse.com/security/cve/CVE-2018-15859.html * https://www.suse.com/security/cve/CVE-2018-15861.html * https://www.suse.com/security/cve/CVE-2018-15863.html * https://bugzilla.suse.com/show_bug.cgi?id=1105832 . This security advisory highlights a low-severity update for xkbcomp addressing multiple memory handling issues.. SUSE security update,xkbcomp update,low severity security,xkbcomp vulnerabilities,SUSE advisory. . Severity: Low. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for samba Announcement ID: SUSE-SU-2025:3677-1 Release Date: 2025-10-20T08:37:56Z Rating: critical References: * bsc#1251279 * bsc#1251280 Cross-References: * CVE-2025-10230 * CVE-2025-9640 CVSS scores: * CVE-2025-10230 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-9640 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-9640 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write (bsc#1251279). * CVE-2025-10230: Fixed command Injection in WINS Server Hook Script (bsc#1251280). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3677=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-3677=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patchSUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3677=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3677=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3677=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3677=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3677=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3677=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-test-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-pcp-pmda-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-test-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-pcp-pmda-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *libsamba-policy0-python3-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (noarch) * samba-doc-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (aarch64 x86_64) * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (aarch64_ilp32) * samba-client-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 x86_64) * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Enterprise Storage 7.1 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10230.html * https://www.suse.com/security/cve/CVE-2025-9640.html * https://bugzilla.suse.com/show_bug.cgi?id=1251279 * https://bugzilla.suse.com/show_bug.cgi?id=1251280 . Critical security update for openSUSE fixing samba vulnerabilities related to command injection and memory safety.. openSUSE samba security update command injection memory safety. . Severity: Critical. LinuxSecurity.com Team
An update that solves seven vulnerabilities can now be installed.. # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2025:1506-1 Release Date: 2025-05-07T12:13:22Z Rating: important References: * bsc#1241621 Cross-References: * CVE-2025-2817 * CVE-2025-4082 * CVE-2025-4083 * CVE-2025-4084 * CVE-2025-4087 * CVE-2025-4091 * CVE-2025-4093 CVSS scores: * CVE-2025-2817 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-2817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-2817 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-4082 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4082 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4082 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-4083 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4083 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4083 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-4084 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4084 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4084 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2025-4087 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-4087 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-4087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-4091 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4091 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4091 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-4093 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N *CVE-2025-4093 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4093 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves seven vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.10 update (bsc#1241621): * CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for macOS. * CVE-2025-4087: Unsafe attribute access during XPath parsing. * CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird. * CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. * CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames. * CVE-2025-4084: Potential local code execution in "copy as cURL" command. * CVE-2025-2817: Privilege escalation in Thunderbird Updater. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1506=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1506=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1506=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1 * MozillaThunderbird-128.10.0-150200.8.212.1 *MozillaThunderbird-translations-common-128.10.0-150200.8.212.1 * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1 * MozillaThunderbird-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-common-128.10.0-150200.8.212.1 * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1 * MozillaThunderbird-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-common-128.10.0-150200.8.212.1 * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2817.html * https://www.suse.com/security/cve/CVE-2025-4082.html * https://www.suse.com/security/cve/CVE-2025-4083.html * https://www.suse.com/security/cve/CVE-2025-4084.html * https://www.suse.com/security/cve/CVE-2025-4087.html * https://www.suse.com/security/cve/CVE-2025-4091.html * https://www.suse.com/security/cve/CVE-2025-4093.html * https://bugzilla.suse.com/show_bug.cgi?id=1241621 . An important patch for MozillaFirefox resolves several significant vulnerabilities concerning security on Fedora systems. Update without delay.. MozillaThunderbird Security Update, openSUSE Important Update, Memory Safety Issues, MozillaThunderbird Patch. . Severity: Important. LinuxSecurity.com Team
USN-7299-2 caused a regression in X.Org X Server.. ========================================================================== Ubuntu Security Notice USN-7299-3 March 12, 2025 xorg-server, xwayland regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-7299-2 caused a regression in X.Org X Server. Software Description: - xorg-server: X.Org X11 server - xorg-server-hwe-18.04: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server Details: USN-7299-2 fix vulnerabilities in X.Org X Server. This fix caused regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update reverts it pending further investigation. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm11 Available with Ubuntu Pro xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3 Available with Ubuntu Pro xwayland 2:1.19.6-1ubuntu4.15+esm11 Available with Ubuntu Pro xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm16 Available with Ubuntu Pro xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8 Available with Ubuntu Pro xwayland 2:1.18.4-0ubuntu0.12+esm16 Availablewith Ubuntu Pro xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7299-3 https://ubuntu.com/security/notices/USN-7299-2 https://ubuntu.com/security/notices/USN-7299-1 https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2101897 . Ubuntu Security Notice USN-7299-3 highlights a regression in the X.Org X Server affecting Ubuntu LTS releases, demanding urgent action.. usn-7299-2, caused, regression, server, ==================================================. . Severity: Critical. LinuxSecurity.com Team
Libxmltok could be made to crash if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-7307-1 February 26, 2025 libxmltok vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Libxmltok could be made to crash if it opened a specially crafted file. Software Description: - libxmltok: XML Parser Toolkit, developer libraries Details: Tim Boddy discovered that Expat, contained within the xmltok library, did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libxmltok1t64 1.2-4.1ubuntu3.2 Ubuntu 24.04 LTS libxmltok1t64 1.2-4.1ubuntu2.24.0.4.1+esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS libxmltok1 1.2-4ubuntu0.22.04.1~esm5 Available with Ubuntu Pro Ubuntu 20.04 LTS libxmltok1 1.2-4ubuntu0.20.04.1~esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS libxmltok1 1.2-4ubuntu0.18.04.1~esm5 Available with Ubuntu Pro In general, a standard system update will make all thenecessary changes. References: https://ubuntu.com/security/notices/USN-7307-1 CVE-2012-1148 Package Information: https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu3.2 . Ubuntu Security Advisory USN-7308-1 discusses vulnerabilities in libcurl that may expose systems to remote code execution risks.. libxmltok, denial of service, memory issues, Ubuntu updates, security advisory. . Severity: Critical. LinuxSecurity.com Team
* bsc#1229685 * bsc#1229822 * bsc#1230078 * bsc#1235695 * bsc#1236151 . # Security update for vim Announcement ID: SUSE-SU-2025:0724-1 Release Date: 2025-02-26T13:30:43Z Rating: moderate References: * bsc#1229685 * bsc#1229822 * bsc#1230078 * bsc#1235695 * bsc#1236151 * bsc#1237137 Cross-References: * CVE-2024-43790 * CVE-2024-43802 * CVE-2024-45306 * CVE-2025-1215 * CVE-2025-22134 * CVE-2025-24014 CVSS scores: * CVE-2024-43790 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-43790 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-43802 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-43802 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-45306 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45306 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2024-45306 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-45306 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-1215 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1215 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1215 ( NVD ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1215 ( NVD ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2025-22134 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-22134 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-22134 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-24014 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-24014 ( SUSE ): 4.2CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-24014 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves six vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Update to version 9.1.1101: * CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). * CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). * CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). * CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). * CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). * CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-724=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-724=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-724=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-724=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-724=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patchSUSE-SLE-Micro-5.4-2025-724=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-724=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.4(noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 ## References: * https://www.suse.com/security/cve/CVE-2024-43790.html * https://www.suse.com/security/cve/CVE-2024-43802.html * https://www.suse.com/security/cve/CVE-2024-45306.html * https://www.suse.com/security/cve/CVE-2025-1215.html * https://www.suse.com/security/cve/CVE-2025-22134.html * https://www.suse.com/security/cve/CVE-2025-24014.html * https://bugzilla.suse.com/show_bug.cgi?id=1229685 * https://bugzilla.suse.com/show_bug.cgi?id=1229822 * https://bugzilla.suse.com/show_bug.cgi?id=1230078 * https://bugzilla.suse.com/show_bug.cgi?id=1235695 * https://bugzilla.suse.com/show_bug.cgi?id=1236151 * https://bugzilla.suse.com/show_bug.cgi?id=1237137 . Delve into the SUSE Linux Enterprise Micro 5 edition security patch for vim, tackling various vulnerabilities and improving overall robustness.. SUSE Linux, Security Update, vim, Heap Overflow, Memory Corruption. . LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-12780 http://linux.oracle.com/errata/ELSA-2024-12780.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.336.5.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.336.5.1.el8uek.src.rpm Related CVEs: CVE-2024-27397 CVE-2024-41012 CVE-2024-41015 CVE-2024-41017 CVE-2024-41020 CVE-2024-41042 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41065 CVE-2024-41068 CVE-2024-41070 CVE-2024-41072 CVE-2024-41081 CVE-2024-41090 CVE-2024-41091 CVE-2024-42131 CVE-2024-42259 CVE-2024-42265 CVE-2024-42271 CVE-2024-42276 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42290 CVE-2024-42292 CVE-2024-42295 CVE-2024-42297 CVE-2024-42301 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42313 CVE-2024-43829 CVE-2024-43830 CVE-2024-43839 CVE-2024-43841 CVE-2024-43846 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43867 CVE-2024-43871 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43890 CVE-2024-43893 CVE-2024-43894 CVE-2024-43908 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44948 CVE-2024-44954 CVE-2024-44960 CVE-2024-44965 CVE-2024-44968 CVE-2024-44969 CVE-2024-46738 Description of changes: [5.4.17-2136.336.5.1.el8uek] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37138988] [5.4.17-2136.336.5.el8uek] - uek-rpm: Add skx_edac_common.ko to nano_modules (Sherry Yang) [Orabug:37030127] - EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann) [Orabug: 37030127] - uek-rpm: Integrating the container build in UEK6 (Jack Vogel) [Orabug: 37021061] - i40e: Change user notification of non-SFP module in i40e_get_module_info() (Andrii Staikov) [Orabug: 36988197] - xsigo: Use NAPI in UD/TX flows for xve (Alok Tiwari) [Orabug: 35180168] - xsigo: remove incorrect spin_unlock_irqrestore call in vhba_queuecommand (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix slab-out-of-bounds in vhba_create (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix memory free issue in dma mapping (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix use-after-free n xsvbha for srb *sp (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix mtu setting issue in xve netdev (Alok Tiwari) [Orabug: 35180168] - xsigo: Add struct ib_mad_send_buf to recv_handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove tx_outstanding variable from xve xmit (Alok Tiwari) [Orabug: 35180168] - xsigo: Add extack argument to dev_change_flags() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove compare_data while calling ib_cm_listen() (Alok Tiwari) [Orabug: 35180168] - xsigo: Ignore the return value of "ib_destroy_cq" (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sif_verbs header (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace setup_timer with the timer_setup (Alok Tiwari) [Orabug: 35180168] - xsigo: Use ib_ud_wr for xve_dev_priv instread of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove return from register event handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Add client_data for struct ib_client remove() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace dev-> trans_start update with helper netif_trans_update (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove usage of net_device last_rx member from xsigo (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace skb_frag page with bv_page in xve (Alok Tiwari) [Orabug: 35180168] - xsigo: Use sg_next() to get the next sg instead of SG_NEXT (Alok Tiwari) [Orabug: 35180168] -xsigo: Rename ib_init_ah_from_path to ib_init_ah_attr_from_path (Alok Tiwari) [Orabug: 35180168] - xsigo: remove pointer dereference for ib_fmr_pool_map_phys (Alok Tiwari) [Orabug: 35180168] - xsigo: ib_fmr_pool_map_phys does not need rargs (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_sg_dma_address() and ib_sg_dma_len() (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error from xsvbha module (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sg_copy_buffer from vhba_align (Alok Tiwari) [Orabug: 35180168] - xsigo: Xve, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xve module (Alok Tiwari) [Orabug: 35180168] - xsigo: Xsvnic, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xsvnic module (Alok Tiwari) [Orabug: 35180168] - xsigo: Change port number from u8 to u32 (Alok Tiwari) [Orabug: 35180168] - xsigo: Use frag-> bv_offset in place of page_offset (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename skb_frag_t size to bv_len (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error due to Constify of ib_cm_event (Alok Tiwari) [Orabug: 35180168] - xsigo: Add the $(srctree)/ prefix to xsigo Makefile (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign IB_MGMT_BASE_VERSION for ib_create_send_mad (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign rdma_ctxs and port_num for struct ib_qp_init_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_cq_init_attr for ib_create_cq() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace max_sge with max_send_sge for xscore_create_qp (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_get_dma_mr and ib_dereg_mr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_device with callback "ops.query_device" (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_gid with rdma_query_gid (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_modify_cq with rdma_set_cq_moderation (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign path recordtype rec_type for sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_sa_path_rec to sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_ud_wr ud_wr instead of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace struct ib_ah_attr with struct rdma_ah_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_create_ah and ib_destroy_ah (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign const argument for ib_post_send/recv() (Alok Tiwari) [Orabug: 35180168] - uek-rpm: add xsigo module in ol7 and ol8 config file (Alok Tiwari) [Orabug: 35180168] - Revert "RDMA/core/sa_query: Remove unused function" (Alok Tiwari) [Orabug: 35180168] - xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050] [Orabug: 35180168] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27074085] [Orabug: 35180168] - xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26474000] [Orabug: 35180168] - xsigo: UEK4-master:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199177] [Orabug: 35180168] - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] [Orabug: 35180168] - xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] [Orabug: 35180168] - xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] [Orabug: 35180168] - xsigo: Fix crash in accessing xve proc l2 entries (Pradeep Gopanapalli) [Orabug: 25165085] [Orabug: 35180168] - xsigo: Fix race in freeing aged Forwarding table entry (Pradeep Gopanapalli) [Orabug: 25129729] [Orabug: 35180168] - xsigo: Schedule while uninterruptible (Pradeep Gopanapalli) [Orabug: 25097469] [Orabug: 35180168] - xsigo: supported SGE's for LSO QP (Pradeep Gopanapalli) [Orabug: 25029868] [Orabug: 35180168] - xsigo: Hardening driver in handling remote QP failures (Pradeep Gopanapalli) [Orabug: 24929076] [Orabug: 35180168] - xsigo: send nack codes (PradeepGopanapalli) [Orabug: 24442792] [Orabug: 35180168] - xsigo: xve driver has excessive messages (Pradeep Gopanapalli) [Orabug: 24758335] [Orabug: 35180168] - xsigo: hard LOCKUP in freeing paths (Pradeep Gopanapalli) [Orabug: 24669507] [Orabug: 35180168] - xsigo: Crash in xscore_port_num (Pradeep Gopanapalli) [Orabug: 24760465] [Orabug: 35180168] - xsigo: Resize uVNIC/PVI CQ size (Pradeep Gopanapalli) [Orabug: 24765034] [Orabug: 35180168] - xsigo: Optimizing Transmit completions (Pradeep Gopanapalli) [Orabug: 24928865] [Orabug: 35180168] - xsigo: Implementing Jumbo MTU support (Pradeep Gopanapalli) [Orabug: 24928804] [Orabug: 35180168] - xsigo: EoiB QP support (Pradeep Gopanapalli) [Orabug: 24508359] [Orabug: 35180168] - xsigo: Send Heart Beat Lost Operational state (Pradeep Gopanapalli) [Orabug: 23032392] [Orabug: 35180168] - xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - Fixed vnic issue after saturn reset (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - uvnic issues (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Fixed wrongly checked return type Added Debug print (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Integrate Uvnic functionality into uek-4.1 Revision 8008 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) S_IRWXU causing kernel soft crash changing to 0644 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) Support vnic for EDR based platform(uVnic) 2) Supported Types now Type 0 (Pradeep Gopanapalli) [Orabug: 35180168] - Add Oracle virtual Networking Drivers for uek4 kernel (Pradeep Gopanapalli) [Orabug: 35180168] [5.4.17-2136.336.4.el8uek] - igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037205]{CVE-2024-46738} - x86/speculation: Basic IBRS is enabled with AMD Automatic IBRS (Alexandre Chartre) [Orabug: 37044540] [5.4.17-2136.336.3.el8uek] - Compiler Attributes: Add __uninitialized macro (Heiko Carstens) - filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 (Long Li) - ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) - LTS tag: v5.4.282 (Sherry Yang) - media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (Sean Young) - ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) - nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984017] {CVE-2024-43882} - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953969] {CVE-2024-42259} - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896846] {CVE-2024-41042} - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 36630432] {CVE-2024-27397} - netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) - kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) - Fix gcc 4.9 build issue in 5.4.y (Jari Ruusu) - drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028936] {CVE-2024-44948} - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992998] {CVE-2024-43890} - power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) - power: supply: axp288_charger: Fixconstant_charge_voltage writes (Hans de Goede) - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993009] {CVE-2024-43893} - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - ntp: Safeguard against time_constant overflow (Justin Stitt) - ntp: Clamp maxerror and esterror to operating range (Justin Stitt) - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37036032] {CVE-2024-44968} - scsi: ufs: core: Fix hba-> last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028988] {CVE-2024-44960} - USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki) - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992971] {CVE-2024-43883} - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028957] {CVE-2024-44954} - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993014] {CVE-2024-43894} - spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) - spi: fsl-lpspi: remove unneeded array (Oleksandr Suvorov) - bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) - i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) - i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) - i2c: smbus: Don't filter out duplicate alerts (Corey Minyard) - arm64: errata: Expand speculative SSBS workaround (again) (Mark Rutland) - arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) - arm64: errata: Expand speculative SSBS workaround (Mark Rutland) -arm64: errata: Unify speculative SSBS errata logic (Mark Rutland) - arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) - arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) - arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (Mark Rutland) - arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) - arm64: Add Neoverse-V2 part (Besar Wicaksono) - arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) - ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) - SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029020] {CVE-2024-44969} - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) - media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993084] {CVE-2024-43908} - btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) - wifi: nl80211: don't give key data to userspace (Johannes Berg) - udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) - PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) - selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) - ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas WeiÃschuh) - ACPI: battery: create alarm sysfs attribute atomically (Thomas WeiÃschuh) - clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund) - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993127] {CVE-2024-43914} - net: fec: Stop PPS on driver remove (Csókás, Bence) - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) -net: linkwatch: use system_unbound_wq (Eric Dumazet) - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983959] {CVE-2024-43861} - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993147] {CVE-2024-44935} - sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029012] {CVE-2024-44965} - irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) - genirq: Allow irq_chip registration functions to take a const irq_chip (Marc Zyngier) - netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) - ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) - protect the fetch of -> fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963808] {CVE-2024-42265} - HID: wacom: Modify pen IDs (Tatsunosuke Tobita) - ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Å»enczykowski) - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964006] {CVE-2024-42271} - drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983979] {CVE-2024-43867} - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964537] {CVE-2024-43860} - remoteproc: imx_rproc: Fix ignoring mapping vdev regions (Dong Aisheng) - remoteproc: imx_rproc: ignore mapping vdev regions (Peng Fan) - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964085] {CVE-2024-42290} - irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) - irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) - genirq: Allow the PM device to originate from irq domain (Marc Zyngier) - devres: Fix memory leakagecaused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983991] {CVE-2024-43871} - driver core: Cast to (void *) with __force for __percpu pointer (Andy Shevchenko) - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964223] {CVE-2024-42301} - parport: Standardize use of printmode (Joe Perches) to pr_ ( (Joe Perches) - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) - PCI: rockchip: Make 'ep-gpios' DT property optional (Chen-Yu Tsai) - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897803] {CVE-2024-42131} - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964022] {CVE-2024-42276} - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) - ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) - ASoC: Intel: Convert to new X86 CPU match macros (Thomas Gleixner) - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) - apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964032] {CVE-2024-42280} - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964038] {CVE-2024-42281} - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964044] {CVE-2024-42283} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964047] {CVE-2024-42284} - net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) - ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) - MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964523] {CVE-2024-43856} - libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) - um: time-travel: fix time-travel-start option (Johannes Berg) - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964530] {CVE-2024-43858} - kdb: address -Wformat-security warnings (Arnd Bergmann) - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964203] {CVE-2024-42295} - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) - drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) - selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964054] {CVE-2024-42285} - platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) - rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) - perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) - perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36964059] {CVE-2024-42286} - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36964065] {CVE-2024-42287} - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36964070] {CVE-2024-42288} - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964080] {CVE-2024-42289} - rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 36964092] {CVE-2024-42292} - decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) - ubi: eba: properly rollback insideself_check_eba (Fedor Pchelkin) - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964213] {CVE-2024-42297} - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap) - binder: fix hang of unregistered readers (Carlos Llamas) - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) - hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) - tools/memory-model: Fix bug in lock.cat (Alan Stern) - leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) - wifi: mwifiex: Fix interface type change (Rafael Beims) - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964232] {CVE-2024-42304} - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964237] {CVE-2024-42305} - m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964242] {CVE-2024-42306} - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964247] {CVE-2024-42308} - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964253] {CVE-2024-42309} - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964260] {CVE-2024-42310} - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964265] {CVE-2024-42311} - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964275] {CVE-2024-42313} - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) - ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) - af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) - net: netconsole: Disable target before netpoll cleanup (Breno Leitao) - tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) -rtc: interface: Add RTC offset to alarm after fix-up (Csókás, Bence) - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) - fs/nilfs2: remove some unused macros to tame gcc (Alex Shi) - pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013755] {CVE-2024-44944} - bnxt_re: Fix imm_data endianness (Jack Wang) - macintosh/therm_windtunnel: fix module unload. (Nick Bowler) - powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) - Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) - RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) - mtd: make mtd_test.c a separate module (Arnd Bergmann) - ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) - RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) - Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) - PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen) - SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) - sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) - ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) - SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) - mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964456] {CVE-2024-43829} - drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) - perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964459] {CVE-2024-43830} - media: renesas: vsp1: Store RPF partition configuration per RPFinstance (Laurent Pinchart) - media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) - media: uvcvideo: Override default flags (Daniel Schaefer) - media: uvcvideo: Allow entity-defined get_info and get_cur (Ricardo Ribalda) - saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) - media: imon: Fix race getting ictx-> lock (Ricardo Ribalda) - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) - USB: move snd_usb_pipe_sanity_check into the USB core (Greg Kroah-Hartman) - selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964480] {CVE-2024-43839} - wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964487] {CVE-2024-43841} - qed: Improve the stack space of filter_config() (Shai Malin) - perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) - perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) - netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence) - net: fec: Refactor: #define magic constants (Csókás Bence) - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984010] {CVE-2024-43879} - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984013] {CVE-2024-43880} - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964495] {CVE-2024-43846} - selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) - net/smc: Allow SMC-D 1MB DMB allocations (Stefan Raspl) - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) - firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behún) - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behún) - m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) - x86/xen: Convert comma to semicolon (Chen Ni) - m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) - arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) - arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux (RafaÅ MiÅecki) - ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) - arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) - arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) - hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) - pwm: stm32: Always do lazy disabling (Uwe Kleine-König) - hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) - x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) - x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen) - x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen) - x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen) - hfsplus: fix to avoid false alarm of circular locking (Chao Yu) - platform/chrome:cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) - LTS tag: v5.4.281 (Sherry Yang) - tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36660755] {CVE-2024-41090} - tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36660755] {CVE-2024-41091} - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36896789] {CVE-2024-41020} {CVE-2024-41012} - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891667] {CVE-2024-41017} - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891655] {CVE-2024-41015} - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) - ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896969] {CVE-2024-41059} - selftests/vDSO: fix clang build errors and warnings (John Hubbard) - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König) - fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896994] {CVE-2024-41063} - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) - powerpc/eeh: avoid possible crash when edev-> pdev changes (Ganesh Goudar) [Orabug: 36897003] {CVE-2024-41064} - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897009] {CVE-2024-41065} - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) - net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897032] {CVE-2024-41068} - can: kvaser_usb: fix return value forhif_usb_send_regout (Chen Ni) - ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) - Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) - mips: fix compat_sys_lseek syscall (Arnd Bergmann) - ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897048] {CVE-2024-41070} - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897312] {CVE-2024-41072} - mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) - fs/file: fix the check in find_next_fd() (Yuntao Wang) - kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) - kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897360] {CVE-2024-41081} - Input: silead - Always support 10 fingers (Hans de Goede) - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) - ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) - ACPI: EC: Abort address space access upon error (Armin Wolf) - scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874758] {CVE-2024-41012} {CVE-2024-41020} - gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook) [5.4.17-2136.336.2.el8uek] - mm: Only enable HVO under UEK6 for Exadata system (Jane Chu) [Orabug: 36990830] - mm: delete redundent old PageCompound() macro (Jane Chu) [Orabug: 36990830] [5.4.17-2136.336.1.el8uek] - mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug:36947110] - mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 36947110] - mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 36947110] - mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 36947110] - mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 36947110] - mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 36947110] - mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 36947110] - mm,hwpoison: introduce MF_MSG_UNSPLIT_THP (Naoya Horiguchi) [Orabug: 36947110] - KVM/x86: Do not clear SIPI while in SMM (Boris Ostrovsky) [Orabug: 36401960] _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.