--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b42cf3db3b
2026-04-25 01:21:36.173336+00:00
--------------------------------------------------------------------------------

Name        : minetest
Product     : Fedora 44
Version     : 5.15.2
Release     : 1.fc44
URL         : https://luanti.org
Summary     : Multiplayer infinite-world block sandbox with survival mode
Description :
Game of mining, crafting and building in the infinite world of cubic blocks
with optional hostile creatures, features both single and the network
multiplayer mode, mods. Public multiplayer servers are available.

--------------------------------------------------------------------------------
Update Information:

5.15.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2026 Gwyn Ciesla - 5.15.2-1
- 5.15.2
* Sun Mar 22 2026 Björn Esser - 5.15.1-2
- Rebuild (jsoncpp)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2458512 - minetest-5.15.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2458512
  [ 2 ] Bug #2458908 - CVE-2026-40960 minetest: Luanti: Unauthorized access to insecure environment via crafted module [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458908
  [ 3 ] Bug #2458909 - CVE-2026-40959 minetest: Luanti: Lua sandbox escape via crafted mod [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458909
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b42cf3db3b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora 44 Security Update: Minetest 5.15.2 fixes unauthorized access and Lua sandbox escape vulnerabilities.

Severity: Important

LinuxSecurity.com Team

An update that solves 12 vulnerabilities and has 23 fixes is now available.

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0843-1
Rating:             important
References:         #1087082 #1133021 #1152457 #1152489 #1155518 #1156395
                    #1164648 #1177666 #1178418 #1179519 #1179827 #1179851
                    #1182378 #1182999 #1183346 #1183976 #1184259 #1185428
                    #1185495 #1185589 #1185645 #1185703 #1185725 #1185758
                    #1185861 #1185863 #1185911 #1185938 #1185982 #1186320
                    #1186416 #1186439 #1186460 #1186484 #1186573
Cross-References:   CVE-2020-24586 CVE-2020-24587 CVE-2020-24588
                    CVE-2020-26139 CVE-2020-26141 CVE-2020-26145
                    CVE-2020-26147 CVE-2021-23134 CVE-2021-32399
                    CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
CVSS scores:
                    CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24586 (SUSE): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
                    CVE-2020-24587 (NVD) : 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24587 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2020-26139 (NVD) : 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-26139 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-26141 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26145 (SUSE): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26147 (NVD) : 5.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
                    CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-33034 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-33200 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33200 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3491 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

Description:

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861)
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)

The following non-security bugs were fixed:

- ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes).
- ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
- ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes).
- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes).
- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes).
- ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes).
- ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes).
- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
- ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes).
- ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes).
- ALSA: hdsp: do not disable if not enabled (git-fixes).
- ALSA: hdspm: do not disable if not enabled (git-fixes).
- ALSA: intel8x0: Do not update period unless prepared (git-fixes).
- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
- ALSA: rme9652: do not disable if not enabled (git-fixes).
- ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
- ALSA: usb-audio: fix control-request direction (git-fixes).
- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
- ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes).
- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes).
- ASoC: cs35l33: fix an error code in probe() (git-fixes).
- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
- ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes).
- ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
- Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
- Bluetooth: check for zapped sk before connecting (git-fixes).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
- Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
- Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes).
- Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes).
- KVM: s390: fix guarded storage control register handling (bsc#1133021).
- Move upstreamed media fixes into sorted section
- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
- PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
- PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
- PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
- PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
- PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
- PCI: thunder: Fix compile testing (git-fixes).
- PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes).
- RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
- RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
- RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
- RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
- Revert "arm64: vdso: Fix compilation with clang older than 8" (git-fixes).
- Revert "gdrom: fix a memory leak bug" (git-fixes).
- Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" (git-fixes).
- Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" (git-fixes).
- Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") (git-fixes).
- SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes).
- USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
- USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
- USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
- USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- amdgpu: avoid incorrect %hu format string (git-fixes).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
- arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes).
- arm64: avoid -Woverride-init warning (git-fixes).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
- arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes).
- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
- arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes).
- arm64: vdso32: make vdso32 install conditional (git-fixes).
- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
- blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
- block/genhd: use atomic_t for disk_event->block (bsc#1185497).
- block: Fix three kernel-doc warnings (git-fixes).
- block: fix get_max_io_size() (git-fixes).
- bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
- bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518).
- bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
- btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441).
- btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439).
- cdc-wdm: untangle a circular dependency between callback and softint (git-fixes).
- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes).
- cdrom: gdrom: initialize global variable at init time (git-fixes).
- ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
- ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
- ceph: fix up error handling with snapdirs (bsc#1186501).
- ceph: only check pool permissions for regular files (bsc#1186501).
- cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).
- crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
- crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).
- crypto: qat - Fix a double free in adf_create_ring (git-fixes).
- crypto: qat - do not release uninitialized resources (git-fixes).
- crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
- crypto: qat - fix unmap invalid dma address (git-fixes).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
- cxgb4: Fix unintentional sign extension issues (git-fixes).
- dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
- dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
- docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
- docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
- drivers: hv: Fix whitespace errors (bsc#1185725).
- drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes).
- drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
- drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
- drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes).
- drm/amd/display: fix dml prefetch validation (git-fixes).
- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes).
- drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes).
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes).
- drm/i915: Avoid div-by-zero on gen2 (git-fixes).
- drm/meson: fix shutdown crash when component not probed (git-fixes).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
- drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).
- drm/radeon: Avoid power table parsing memory leaks (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
- drm/vkms: fix misuse of WARN_ON (git-fixes).
- drm: Added orientation quirk for OneGX1 Pro (git-fixes).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes).
- extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).
- extcon: arizona: Fix various races on driver unbind (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
- fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
- ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
- futex: Change utime parameter to be 'const ... *' (git-fixes).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648).
- futex: Get rid of the val2 conditional dance (git-fixes).
- futex: Make syscall entry points less convoluted (git-fixes).
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).
- hrtimer: Update softirq_expires_next correctly after (git-fixes)
- hwmon: (occ) Fix poll rate limiting (git-fixes).
- i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
- i2c: bail out early when RDWR parameters are wrong (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
- i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
- i40e: fix broken XDP support (git-fixes).
- i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).
- ics932s401: fix broken handling of errors when word reading fails (git-fixes).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes).
- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes).
- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
- iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988).
- ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855).
- kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).
- lpfc: Decouple port_template and vport_template (bsc#185032).
- mac80211: clear the beacon's CRC after channel switch (git-fixes).
- md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- md: do not flush workqueue unconditionally in md_open (bsc#1184081).
- md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
- md: md_open returns -EBUSY when entering racing area (bsc#1184081).
- md: split mddev_find (bsc#1184081).
- media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
- media: em28xx: fix memory leak (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).
- media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes).
- media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).
- media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
- media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes).
- mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes).
- mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).
- mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes).
- mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
- net: enetc: fix link error again (git-fixes).
- net: hns3: Fix for geneve tx checksum bug (git-fixes).
- net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes).
- net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
- net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
- net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
- net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes).
- net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
- net: thunderx: Fix unintentional sign extension issue (git-fixes).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- nvme-core: add cancel tagset helpers (bsc#1183976).
- nvme-fabrics: decode host pathing error for connect (bsc#1179827).
- nvme-fc: check sgl supported by target (bsc#1179827).
- nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259).
- nvme-fc: short-circuit reconnect retries (bsc#1179827).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259).
- nvme-pci: Remove tag from process cq (git-fixes).
- nvme-pci: Remove two-pass completions (git-fixes).
- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
- nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes).
- nvme-pci: dma read memory barrier for completions (git-fixes).
- nvme-pci: fix "slimmer CQ head update" (git-fixes).
- nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
- nvme-pci: remove last_sq_tail (git-fixes).
- nvme-pci: remove volatile cqes (git-fixes).
- nvme-pci: slimmer CQ head update (git-fixes).
- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
- nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
- nvme-tcp: add clean action for failed reconnection (bsc#1183976).
- nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
- nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
- nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
- nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
- nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
- nvme: define constants for identification values (git-fixes).
- nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
- nvme: do not intialize hwmon for discovery controllers (git-fixes).
- nvme: document nvme controller states (git-fixes).
- nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
- nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
- nvme: fix controller instance leak (git-fixes).
- nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes).
- nvme: fix possible deadlock when I/O is blocked (git-fixes).
- nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
- nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
- nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
- nvmet: fix a memory leak (git-fixes).
- nvmet: seset ns->file when open fails (bsc#1183873).
- nvmet: use new ana_log_size instead the old one (bsc#1184259).
- nxp-i2c: restore includes for kABI (bsc#1185589).
- nxp-nci: add NXP1002 id (bsc#1185589).
- phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).
- pinctrl: ingenic: Improve unreachable code generation (git-fixes).
- pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
- platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
- posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
- power: supply: Use IRQF_ONESHOT (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).
- power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).
- powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
- qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes).
- rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
- s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
- sched/eas: Do not update misfit status if the task is pinned (git-fixes)
- sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- scripts/git_sort/git_sort.py: add bpf git repo
- scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416).
- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
- scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573).
- scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451).
- scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
- scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#1186451).
- scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451).
- scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451).
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451).
- scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451).
- scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
- scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
- scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451).
- scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451).
- scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
- sctp: delay auto_asconf init until binding the first addr ( ).
- serial: core: fix suspicious security_locked_down() call (git-fixes).
- serial: core: return early on unsupported ioctls (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).
- serial: stm32: fix incorrect characters on console (git-fixes).
- serial: stm32: fix tx_empty condition (git-fixes).
- serial: tegra: Fix a mask operation that is always true (git-fixes).
- smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
- spi: ath79: always call chipselect function (git-fixes).
- spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
- spi: dln2: Fix reference leak to master (git-fixes).
- spi: omap-100k: Fix reference leak to master (git-fixes).
- spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
- tcp: fix to update snd_wl1 in bulk receiver fast path ( ).
- thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).
- tracing: Map all PIDs to command lines (git-fixes).
- tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
- tty: fix memory leak in vc_deallocate (git-fixes).
- tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
- tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
- uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
- uio_hv_generic: Fix another memory leak in error handling paths (git-fixes).
- uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
- usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
- usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
- usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
- usb: dwc3: gadget: Enable suspend events (git-fixes).
- usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes).
- usb: dwc3: omap: improve extcon initialization (git-fixes).
- usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes).
- usb: fotg210-hcd: Fix an error message (git-fixes).
- usb: gadget/function/f_fs string table fix for multiple languages (git-fixes).
- usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
- usb: gadget: f_uac1: validate input parameters (git-fixes).
- usb: gadget: f_uac2: validate input parameters (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes).
- usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
- usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
- usb: sl811-hcd: improve misleading indentation (git-fixes).
- usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
- usb: xhci: Fix port minor revision (git-fixes).
- usb: xhci: Increase timeout for HC halt (git-fixes).
- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
- vrf: fix a comment about loopback device (git-fixes).
- watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982).
- watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
- watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982).
- watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982).
- whitespace cleanup
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
- workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911).
- workqueue: more destroy_workqueue() fixes (bsc#1185911).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489).
- xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
- xhci: check control context is valid before dereferencing it (git-fixes).
- xhci: fix potential array out of bounds with several interrupters (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

   zypper in -t patch openSUSE-2021-843=1

Package List:

- openSUSE Leap 15.2 (noarch):

   kernel-devel-5.3.18-lp152.78.1
   kernel-docs-5.3.18-lp152.78.1
   kernel-docs-html-5.3.18-lp152.78.1
   kernel-macros-5.3.18-lp152.78.1
   kernel-source-5.3.18-lp152.78.1
   kernel-source-vanilla-5.3.18-lp152.78.1

- openSUSE Leap 15.2 (x86_64):

   kernel-debug-5.3.18-lp152.78.1
   kernel-debug-debuginfo-5.3.18-lp152.78.1
   kernel-debug-debugsource-5.3.18-lp152.78.1
   kernel-debug-devel-5.3.18-lp152.78.1
   kernel-debug-devel-debuginfo-5.3.18-lp152.78.1
   kernel-default-5.3.18-lp152.78.1
   kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1
   kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1
   kernel-default-debuginfo-5.3.18-lp152.78.1
   kernel-default-debugsource-5.3.18-lp152.78.1
   kernel-default-devel-5.3.18-lp152.78.1
   kernel-default-devel-debuginfo-5.3.18-lp152.78.1
   kernel-kvmsmall-5.3.18-lp152.78.1
   kernel-kvmsmall-debuginfo-5.3.18-lp152.78.1
   kernel-kvmsmall-debugsource-5.3.18-lp152.78.1
   kernel-kvmsmall-devel-5.3.18-lp152.78.1
   kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.78.1
   kernel-obs-build-5.3.18-lp152.78.1
   kernel-obs-build-debugsource-5.3.18-lp152.78.1
   kernel-obs-qa-5.3.18-lp152.78.1
   kernel-preempt-5.3.18-lp152.78.1
   kernel-preempt-debuginfo-5.3.18-lp152.78.1
   kernel-preempt-debugsource-5.3.18-lp152.78.1
   kernel-preempt-devel-5.3.18-lp152.78.1
   kernel-preempt-devel-debuginfo-5.3.18-lp152.78.1
   kernel-syms-5.3.18-lp152.78.1

References:

https://www.suse.com/security/cve/CVE-2020-24586.html
https://www.suse.com/security/cve/CVE-2020-24587.html
https://www.suse.com/security/cve/CVE-2020-24588.html
https://www.suse.com/security/cve/CVE-2020-26139.html
https://www.suse.com/security/cve/CVE-2020-26141.html
https://www.suse.com/security/cve/CVE-2020-26145.html
https://www.suse.com/security/cve/CVE-2020-26147.html
https://www.suse.com/security/cve/CVE-2021-23134.html
https://www.suse.com/security/cve/CVE-2021-32399.html
https://www.suse.com/security/cve/CVE-2021-33034.html
https://www.suse.com/security/cve/CVE-2021-33200.html
https://www.suse.com/security/cve/CVE-2021-3491.html
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1133021
https://bugzilla.suse.com/1152457
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1164648
https://bugzilla.suse.com/1177666
https://bugzilla.suse.com/1178418
https://bugzilla.suse.com/1179519
https://bugzilla.suse.com/1179827
https://bugzilla.suse.com/1179851
https://bugzilla.suse.com/1182378
https://bugzilla.suse.com/1182999
https://bugzilla.suse.com/1183346
https://bugzilla.suse.com/1183976
https://bugzilla.suse.com/1184259
https://bugzilla.suse.com/1185428
https://bugzilla.suse.com/1185495
https://bugzilla.suse.com/1185589
https://bugzilla.suse.com/1185645
https://bugzilla.suse.com/1185703
https://bugzilla.suse.com/1185725
https://bugzilla.suse.com/1185758
https://bugzilla.suse.com/1185861
https://bugzilla.suse.com/1185863
https://bugzilla.suse.com/1185911
https://bugzilla.suse.com/1185938
https://bugzilla.suse.com/1185982
https://bugzilla.suse.com/1186320
https://bugzilla.suse.com/1186416
https://bugzilla.suse.com/1186439
https://bugzilla.suse.com/1186460
https://bugzilla.suse.com/1186484
https://bugzilla.suse.com/1186573

A critical patch for Fedora has been released to resolve various security issues. Prompt updates are advised to ensure system protection.
openSUSE security update, kernel patch, important vulnerabilities.
Severity: Important.
LinuxSecurity.com Team

cups-filters could be made to run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-7043-3
October 07, 2024

cups-filters vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

cups-filters could be made to run programs if it received specially crafted network traffic.

Software Description:
- cups-filters: OpenPrinting CUPS Filters

Details:

USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. (CVE-2024-47176)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
  cups-browsed 1.8.3-2ubuntu3.5+esm2
    Available with Ubuntu Pro
  cups-filters 1.8.3-2ubuntu3.5+esm2
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7043-3
  https://ubuntu.com/security/notices/USN-7043-2
  https://ubuntu.com/security/notices/USN-7043-1
  CVE-2024-47176

Stay informed on Ubuntu Security Notice USN-7043-3 regarding cups-filters vulnerabilities and risks of remote execution.
cups-filters security, Ubuntu updates, network exploits, remote code execution.
Severity: Important.
LinuxSecurity.com Team

CUPS could be made to crash or run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-7041-1
September 26, 2024

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially crafted network traffic.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  cups 2.4.7-1.2ubuntu7.3

Ubuntu 22.04 LTS
  cups 2.4.1op1-1ubuntu4.11

Ubuntu 20.04 LTS
  cups 2.3.1-9ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7041-1
  CVE-2024-47175

Package Information:
  https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.3
  https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.9

The DPDK flaw highlighted in Debian Security Advisory DSA-5023-1 outlines vital patches for impacted versions.
cups Vulnerability, Ubuntu Security Notice, Network Exploit, Remote Code Exec.
LinuxSecurity.com Team

Drupal could be made to crash or run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-6981-1
August 27, 2024

drupal7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Drupal could be made to crash or run programs if it received specially crafted network traffic.

Software Description:
- drupal7: fully-featured content management framework

Details:

It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-13671)

It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite arbitrary files, or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
  drupal7 7.44-1ubuntu1~16.04.0+esm2
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6981-1
  CVE-2020-13671, CVE-2020-28948, CVE-2020-28949

Security flaws in Drupal could allow remote adversaries to compromise the system, potentially leading to crashes or unauthorized program execution through specially designed network packets.
Drupal Security, Remote Code Execution, Ubuntu Advisory.
Severity: Critical.
LinuxSecurity.com Team

Django could be made to consume resources or crash if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-6674-2
March 04, 2024

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Django could be made to consume resources or crash if it received specially crafted network traffic.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  python-django 1:1.11.11-1ubuntu1.21+esm4
  python3-django 1:1.11.11-1ubuntu1.21+esm4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6674-2
  https://ubuntu.com/security/notices/USN-6674-1
  CVE-2024-27351

Node.js might encounter instability or deplete system resources due to carefully designed network requests. Ensure Fedora is updated for safety measures.
Django Network Exploit, Denial of Service Issue, Ubuntu Security Notice.
Severity: Critical.
LinuxSecurity.com Team

This update for mariadb fixes the following issues: CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise.

# Security update for mariadb

Announcement ID: SUSE-SU-2023:4907-1
Rating: moderate
References:

  * bsc#1217405

Cross-References:

  * CVE-2023-22084

CVSS scores:

  * CVE-2023-22084 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-22084 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Galera for Ericsson 15 SP3
  * openSUSE Leap 15.3
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for mariadb fixes the following issues:

  * CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server (bsc#1217405).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2023-4907=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4907=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4907=1
  * Galera for Ericsson 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-4907=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4907=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4907=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-4907=1

## Package List:

  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * mariadb-test-debuginfo-10.5.23-150300.3.38.1
    * mariadb-10.5.23-150300.3.38.1
    * mariadb-test-10.5.23-150300.3.38.1
    * mariadb-client-10.5.23-150300.3.38.1
    * libmariadbd-devel-10.5.23-150300.3.38.1
    * mariadb-debuginfo-10.5.23-150300.3.38.1
    * mariadb-rpm-macros-10.5.23-150300.3.38.1
    * libmariadbd19-10.5.23-150300.3.38.1
    * mariadb-tools-debuginfo-10.5.23-150300.3.38.1
    * mariadb-bench-debuginfo-10.5.23-150300.3.38.1
    * mariadb-bench-10.5.23-150300.3.38.1
    * libmariadbd19-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-debuginfo-10.5.23-150300.3.38.1
    * mariadb-debugsource-10.5.23-150300.3.38.1
    * mariadb-tools-10.5.23-150300.3.38.1
    * mariadb-galera-10.5.23-150300.3.38.1
  * openSUSE Leap 15.3 (noarch)
    * mariadb-errormessages-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
    * mariadb-10.5.23-150300.3.38.1
    * mariadb-tools-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-10.5.23-150300.3.38.1
    * libmariadbd-devel-10.5.23-150300.3.38.1
    * mariadb-debuginfo-10.5.23-150300.3.38.1
    * libmariadbd19-10.5.23-150300.3.38.1
    * libmariadbd19-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-debuginfo-10.5.23-150300.3.38.1
    * mariadb-debugsource-10.5.23-150300.3.38.1
    * mariadb-tools-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * mariadb-errormessages-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * mariadb-10.5.23-150300.3.38.1
    * mariadb-tools-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-10.5.23-150300.3.38.1
    * libmariadbd-devel-10.5.23-150300.3.38.1
    * mariadb-debuginfo-10.5.23-150300.3.38.1
    * libmariadbd19-10.5.23-150300.3.38.1
    * libmariadbd19-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-debuginfo-10.5.23-150300.3.38.1
    * mariadb-debugsource-10.5.23-150300.3.38.1
    * mariadb-tools-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * mariadb-errormessages-10.5.23-150300.3.38.1
  * Galera for Ericsson 15 SP3 (x86_64)
    * mariadb-galera-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * mariadb-10.5.23-150300.3.38.1
    * mariadb-tools-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-10.5.23-150300.3.38.1
    * libmariadbd-devel-10.5.23-150300.3.38.1
    * mariadb-debuginfo-10.5.23-150300.3.38.1
    * libmariadbd19-10.5.23-150300.3.38.1
    * libmariadbd19-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-debuginfo-10.5.23-150300.3.38.1
    * mariadb-debugsource-10.5.23-150300.3.38.1
    * mariadb-tools-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * mariadb-errormessages-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * mariadb-10.5.23-150300.3.38.1
    * mariadb-tools-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-10.5.23-150300.3.38.1
    * libmariadbd-devel-10.5.23-150300.3.38.1
    * mariadb-debuginfo-10.5.23-150300.3.38.1
    * libmariadbd19-10.5.23-150300.3.38.1
    * libmariadbd19-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-debuginfo-10.5.23-150300.3.38.1
    * mariadb-debugsource-10.5.23-150300.3.38.1
    * mariadb-tools-10.5.23-150300.3.38.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * mariadb-errormessages-10.5.23-150300.3.38.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * mariadb-10.5.23-150300.3.38.1
    * mariadb-tools-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-10.5.23-150300.3.38.1
    * libmariadbd-devel-10.5.23-150300.3.38.1
    * mariadb-debuginfo-10.5.23-150300.3.38.1
    * libmariadbd19-10.5.23-150300.3.38.1
    * libmariadbd19-debuginfo-10.5.23-150300.3.38.1
    * mariadb-client-debuginfo-10.5.23-150300.3.38.1
    * mariadb-debugsource-10.5.23-150300.3.38.1
    * mariadb-tools-10.5.23-150300.3.38.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * mariadb-errormessages-10.5.23-150300.3.38.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-22084.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1217405

The recent update addressing CVE-2023-22084 vulnerability in mariadb boosts security protocols for openSUSE, enhancing user data safety and system integrity.
openSUSE Update, mariadb Security Advisory, network exploit fix.
LinuxSecurity.com Team

libx11 could be made to crash if it received specially crafted network traffic.

=========================================================================
Ubuntu Security Notice USN-6168-1
June 15, 2023

libx11 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

libx11 could be made to crash if it received specially crafted network traffic.

Software Description:
- libx11: X11 client-side library

Details:

Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  libx11-6 2:1.8.4-2ubuntu0.2

Ubuntu 22.10:
  libx11-6 2:1.8.1-2ubuntu0.2

Ubuntu 22.04 LTS:
  libx11-6 2:1.7.5-1ubuntu0.2

Ubuntu 20.04 LTS:
  libx11-6 2:1.6.9-2ubuntu1.5

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6168-1
  CVE-2023-3138

Package Information:
  https://launchpad.net/ubuntu/+source/libx11/2:1.8.4-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libx11/2:1.8.1-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libx11/2:1.7.5-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/libx11/2:1.6.9-2ubuntu1.5

An urgent vulnerability in the libx11 library on Ubuntu may lead to system instability when exposed to specially designed network packets. Immediate patching necessary.
libx11 Exploit, Ubuntu Security Notice, Denial of Service Issue.
Severity: Critical.
LinuxSecurity.com Team