Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":100,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 153 articles for you...
100

SUSE Linux 15 SP6: 2025:02070-1 important: Linux Kernel RT security patch

* bsc#1232908 * bsc#1232927 * bsc#1232929 * bsc#1233245 * bsc#1233680 . # Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:02070-1 Release Date: 2025-06-23T20:03:52Z Rating: important References: * bsc#1232908 * bsc#1232927 * bsc#1232929 * bsc#1233245 * bsc#1233680 * bsc#1233708 * bsc#1235062 * bsc#1235086 * bsc#1235129 * bsc#1235231 * bsc#1236244 Cross-References: * CVE-2024-50124 * CVE-2024-50125 * CVE-2024-50127 * CVE-2024-50257 * CVE-2024-50279 * CVE-2024-50301 * CVE-2024-53074 * CVE-2024-53208 * CVE-2024-56582 * CVE-2024-56601 * CVE-2024-56605 CVSS scores: * CVE-2024-50124 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50124 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50125 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50125 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50127 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50127 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50257 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50257 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50257 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50257 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H *CVE-2024-50279 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-50279 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-50301 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-50301 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-53074 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-53074 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53208 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53208 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56582 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56582 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56582 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56582 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56601 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An updatethat solves 11 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_8 fixes several issues. The following security issues were fixed: * CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). * CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708). * CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680). * CVE-2024-53074: wifi: iwlwifi: mvm: do not leak a link on AP removal (bsc#1235086). * CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235129). * CVE-2024-53208: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (bsc#1236244). * CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233245). * CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908). * CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062). * CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929). * CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232927). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2070=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6-RT_Update_2-debugsource-12-150600.2.1 * kernel-livepatch-6_4_0-150600_10_8-rt-debuginfo-12-150600.2.1 * kernel-livepatch-6_4_0-150600_10_8-rt-12-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-50124.html * https://www.suse.com/security/cve/CVE-2024-50125.html * https://www.suse.com/security/cve/CVE-2024-50127.html *https://www.suse.com/security/cve/CVE-2024-50257.html * https://www.suse.com/security/cve/CVE-2024-50279.html * https://www.suse.com/security/cve/CVE-2024-50301.html * https://www.suse.com/security/cve/CVE-2024-53074.html * https://www.suse.com/security/cve/CVE-2024-53208.html * https://www.suse.com/security/cve/CVE-2024-56582.html * https://www.suse.com/security/cve/CVE-2024-56601.html * https://www.suse.com/security/cve/CVE-2024-56605.html * https://bugzilla.suse.com/show_bug.cgi?id=1232908 * https://bugzilla.suse.com/show_bug.cgi?id=1232927 * https://bugzilla.suse.com/show_bug.cgi?id=1232929 * https://bugzilla.suse.com/show_bug.cgi?id=1233245 * https://bugzilla.suse.com/show_bug.cgi?id=1233680 * https://bugzilla.suse.com/show_bug.cgi?id=1233708 * https://bugzilla.suse.com/show_bug.cgi?id=1235062 * https://bugzilla.suse.com/show_bug.cgi?id=1235086 * https://bugzilla.suse.com/show_bug.cgi?id=1235129 * https://bugzilla.suse.com/show_bug.cgi?id=1235231 * https://bugzilla.suse.com/show_bug.cgi?id=1236244 . Critical patch released for SUSE Linux Kernel RT resolves key vulnerabilities, enhances system robustness and efficiency.. SUSE, Linux Kernel, Security Update, Important Patch, Real Time Kernel. . LinuxSecurity.com Team

Calendar%202 Jun 24, 2025 SuSE
217

Oracle Linux 9 ELSA-2025-20152 critical: Kernel Security Update

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-20152 http://linux.oracle.com/errata/ELSA-2025-20152.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-container-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-core-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-306.177.4.el9uek.noarch.rpm kernel-uek-modules-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-306.177.4.el9uek.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates//kernel-uek-5.15.0-306.177.4.el9uek.src.rpm Related CVEs: CVE-2024-36899 CVE-2024-47687 CVE-2024-47707 CVE-2024-53110 CVE-2024-53124 CVE-2024-53162 CVE-2024-56631 CVE-2024-56672 CVE-2024-57804 Description of changes: [5.15.0-306.177.4.el9uek] - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman) - drm/v3d: Assign job pointer to NULL before signaling the fence (Maíra Canal) - scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (Ranjan Kumar) [Orabug: 37472354] {CVE-2024-57804} [5.15.0-306.177.3.el9uek] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530219] - mm, madvise: fix potential workingset node list_lru leaks (Kairui Song) [Orabug: 37464586] - crypto: qat/qat_4xxx - fix off by one in uof_get_name() (Dan Carpenter) [Orabug: 37427536] {CVE-2024-53162} - vdpa/mlx5: Fix error path during device add (Dragos Tatulea) [Orabug: 37296163] - vp_vdpa: fix id_table array not null terminated error (Xiaoguang Wang) [Orabug: 37296163] {CVE-2024-53110} - vdpa/mlx5: Postpone MR deletion (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce init/destroy for MR resources (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename mr_mtx -> lock (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Extract mr members in own resource struct (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename function (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Delete direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Create direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize VQ suspend/resume for CVQ MQ command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Small improvement for change_num_qps() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Keep notifiers during suspend but ignore (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device suspend (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq modify commands (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq query command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce async fw command wrapper (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce error logging function (Dragos Tatulea) [Orabug: 37296163] - net/mlx5: Support throttled commands from async API (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa_sim_net: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa: support set mac address from vdpa tool (Cindy Lu) [Orabug: 37296163] - vdpa/mlx5: Fix invalid mr resource destroy (Dragos Tatulea) [Orabug: 37296163] {CVE-2024-47687} - vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready()(Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Don't reset VQs more than necessary (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Re-create HW VQs under certain conditions (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Pre-create hardware VQs at vdpa .dev_add time (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use suspend/resume during VQP change (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Forward error in suspend/resume device (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Consolidate all VQ modify to Ready to use resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add error code for suspend/resume VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Accept Init -> Ready VQ transition in resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Allow creation of blank VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set mkey modified flags on all VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Start off rqt_size with max VQPs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set an initial size on the VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the VQ features field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the virtio_version VQ field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename init_mvqs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clear and reinitialize software VQ data on reset (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Initialize and reset device with one queue pair (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Remove duplicate suspend code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Iterate over active VQs during suspend/resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant check in teardown_virtqueues() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Make setup/teardown_vq_resources() symmetrical (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clarify meaning thoroughfunction rename (Dragos Tatulea) [Orabug: 37296163] - vhost-vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - vp_vdpa: don't allocate unused msix vectors (Yuxue Liu) [Orabug: 37296163] - vdpa: Convert sprintf/snprintf to sysfs_emit (Li Zhijian) [Orabug: 37296163] - vp_vdpa: Fix return value check vp_vdpa_request_irq (Yuxue Liu) [Orabug: 37296163] - vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE (Michael S. Tsirkin) [Orabug: 37296163] - virtio_vdpa: create vqs with the actual size (Zhu Lingshan) [Orabug: 37296163] - vdpa_sim: implement vdpa_config_ops.get_vq_size for vDPA simulator (Zhu Lingshan) [Orabug: 37296163] - vp_vdpa: implement vdpa_config_ops.get_vq_size (Zhu Lingshan) [Orabug: 37296163] - vDPA: introduce get_vq_size to vdpa_config_ops (Zhu Lingshan) [Orabug: 37296163] - vhost-vdpa: uapi to support reporting per vq size (Zhu Lingshan) [Orabug: 37296163] - vdpa: skip suspend/resume ops if not DRIVER_OK (Steve Sistare) [Orabug: 37296163] - vdpa_sim: reset must not run (Steve Sistare) [Orabug: 37296163] - vdpa: Block vq property changes in DRIVER_OK (Dragos Tatulea) [Orabug: 37296163] - vdpa: Track device suspended state (Dragos Tatulea) [Orabug: 37296163] - vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - SUNRPC: do not retry on EKEYEXPIRED when user TGT ticket expired (Dai Ngo) [Orabug: 34162493] [5.15.0-306.177.2.el9uek] - LTS version: v5.15.177 (Vijayendra Suman) - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann) - net: fix data-races around sk-> sk_forward_alloc (Wang Liang) [Orabug: 37388795] {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane) [Orabug: 37434117] {CVE-2024-56631} - x86/xen: fix SLS mitigation in xen_hypercall_iret() (Juergen Gross) - nfsd: add list_head nf_gc to struct nfsd_file (Youzhong Yang) - ipv6:avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200706] {CVE-2024-47707} - vsock/virtio: discard packets if the transport changes (Stefano Garzarella) - blk-cgroup: Fix UAF in blkcg_unpin_online() (Tejun Heo) [Orabug: 37434276] {CVE-2024-56672} - iio: adc: rockchip_saradc: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on (Jean-Baptiste Maneyrol) - iio: imu: inv_icm42600: fix spi burst write not supported (Jean-Baptiste Maneyrol) - drm/i915/fb: Relax clear color alignment to 64 bytes (Ville Syrjälä) - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal) - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Zhongqiu Han) [Orabug: 36683269] {CVE-2024-36899} - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) - filemap: avoid truncating 64-bit offset to 32 bits (Marco Nelissen) - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (Stefano Garzarella) - vsock: reset socket state when de-assigning the transport (Stefano Garzarella) - vsock/virtio: cancel close work in the destructor (Stefano Garzarella) - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit) - nvmet: propagate npwg topology (Luis Chamberlain) - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov) - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (Hans de Goede) - kheaders: Ignore silly-rename files (David Howells) - fs: fix missing declaration of init_files (Zhang Kunbo) - hfs: Sanity check the root record (Leo Stone) - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) - i2c: rcar: fix NACK handling when being a target (Wolfram Sang) - i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang) - drm/v3d: Ensure job pointer is set to NULL after job completion (Maíra Canal) - net/mlx5: Fix RDMA TX steering prio (Patrisious Haddad) - net: xilinx: axienet:Fix IRQ coalescing packet count overflow (Sean Anderson) - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter) - pktgen: Avoid out-of-bounds access in get_imix_entries (Artem Chernyshev) - bpf: Fix bpf_sk_select_reuseport() memory leak (Michal Luczaj) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla) - phy: usb: Fix clock imbalance for suspend/resume (Justin Chen) - phy: usb: Use slow clock for wake enabled suspend (Justin Chen) - mptcp: fix TCP options overflow. (Paolo Abeni) - mptcp: drop port parameter of mptcp_pm_add_addr_signal (Geliang Tang) - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) - ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi) - phy: usb: Toggle the PHY power during init (Justin Chen) - phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers (Al Cooper) - of: address: Preserve the flags portion on 1:1 dma-ranges mapping (Andrea della Porta) - of: address: Store number of bus flag cells rather than bool (Rob Herring) - of: address: Remove duplicated functions (Herve Codina) - of: address: Fix address translation when address-size is greater than 2 (Herve Codina) - of/address: Add support for 3 address cell bus (Rob Herring) - of: unittest: Add bus address range parsing tests (Rob Herring) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis) - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (Yu Kuai) - iio: adc: ad7124: Disable all channels at probe time (Uwe Kleine-König) - iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori) - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam) - iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song) - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) - iio: light:vcnl4035: fix information leak in triggered buffer (Javier Carrasco) - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (Prashanth K) - usb: fix reference leak in usb_new_device() (Ma Ke) - USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng) - USB: usblp: return error when setting unsupported protocol (Jun Yan) - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) - topology: Keep the cpumask unchanged when printing cpumap (Li Huafei) - usb: dwc3: gadget: fix writing NYET threshold (André Draszik) - USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold) - usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel) - staging: iio: ad9832: Correct phase range check (Zicheng Qu) - staging: iio: ad9834: Correct phase range check (Zicheng Qu) - USB: serial: option: add Neoway N723-EA support (Michal Hrusecky) - USB: serial: option: add MeiG Smart SRM815 (Chukun Pan) - md/raid5: fix atomicity violation in raid5_cache_count (Gui-Dong Han) - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity (Kuan-Wei Chiu) - drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen) - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede) - riscv: Fix sleeping in invalid context in die() (Nam Cao) - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) - sctp: sysctl: plpmtud_probe_interval: avoid using current-> nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: udp_port: avoid using current-> nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: auth_enable: avoid using current-> nsproxy(Matthieu Baerts (NGI0)) - sctp: sysctl: rto_min/max: avoid using current-> nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: cookie_hmac_alg: avoid using current-> nsproxy (Matthieu Baerts (NGI0)) - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY (Mikulas Patocka) - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) - afs: Fix the maximum cell name length (David Howells) - ksmbd: fix a missing return value check bug (Wentao Liang) - drm/mediatek: Add support for 180-degree rotation in the display driver (Jason-JH.Lin) - netfilter: conntrack: clamp maximum hashtable size to INT_MAX (Pablo Neira Ayuso) - netfilter: nf_tables: imbalance in flowtable binding (Pablo Neira Ayuso) - tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington) - cxgb4: Avoid removal of uninserted tid (Anumula Murali Mohan Reddy) - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (Kalesh AP) - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan) - tcp/dccp: complete lockless accesses to sk-> sk_max_ack_backlog (Jason Xing) - net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor) - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura) - ASoC: mediatek: disable buffer pre-allocation (Chen-Yu Tsai) - exfat: fix the infinite loop in __exfat_free_cluster() (Yuezhang Mo) - exfat: fix the infinite loop in exfat_readdir() (Yuezhang Mo) - dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai) - dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai) - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) - jbd2: flush filesystem device before updating tail sequence (Zhang Yi) - ceph: give up on paths longer than PATH_MAX (Max Kellermann) [5.15.0-306.176.1.el9uek] - mm/page_alloc: fix min_free_kbytes calculation regarding ZONE_MOVABLE (liuq) [Orabug:37503579] - mm: Limit warning message in vmemmap_verify() to once (Ma Wupeng) [Orabug: 37503579] - assoc_array: fix the return value in assoc_array_insert_mid_shortcut() (Roman Smirnov) [Orabug: 37503579] - assoc_array: Avoid open coded arithmetic in allocator arguments (Len Baker) [Orabug: 37503579] - mm/page_alloc: use accumulated load when building node fallback list (Krupa Ramakrishnan) [Orabug: 37503525] - mm/page_alloc: print node fallback order (Bharata B Rao) [Orabug: 37503525] - PCI: Support BAR sizes up to 8TB (Dongdong Liu) [Orabug: 37503525] - uek-rpm: Enable USB_XHCI_PCI_RENESAS as a module for aarch64 platforms (Harshit Mogalapalli) [Orabug: 37552080] - cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [Orabug: 37535421] - cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [Orabug: 37535421] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Notice ELSA-2025-20153 announces essential kernel enhancements that tackle significant vulnerabilities.. Oracle Linux Security Advisory, kernel updates, ELSA-2025-20152, important security updates. . LinuxSecurity.com Team

Calendar%202 Mar 11, 2025 Oracle
100

SUSE 16.74: SUSE-CU-2023:4336-1 moderate: 389-DS update

The container suse/389-ds was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4336-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.74 , suse/389-ds:latest Container Release : 16.74 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 1217354 1217479 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 localedata with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as “Hinglish”. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow inlistFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) *acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 added - libicu73_2-73.2-150000.1.7.1 added - libsvrcore0-2.2.8~git51.3688d68-150500.3.14.1 updated - lib389-2.2.8~git51.3688d68-150500.3.14.1 updated - 389-ds-2.2.8~git51.3688d68-150500.3.14.1 updated - libicu-suse65_1-65.1-150200.4.10.1 removed - libicu65_1-ledata-65.1-150200.4.10.1 removed . The Red Hat notice for rhel/ldap-server highlights severe security flaws requiring immediate measures to mitigate threats.. SUSE Container Update, SUSE 389-DS, Security Patches, Software Maintenance. . LinuxSecurity.com Team

Calendar%202 Dec 30, 2023 SuSE
100

SUSE: 2023:4168-1 important: suse/sle15 container security update

The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4168-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.66 , suse/sle15:15.5 , suse/sle15:15.5.36.5.66 Container Release : 36.5.66 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated . An updated image has been launched to address severe security flaws in suse/sle15, providing essential patching measures; implement these changes immediately.. SUSE Container Update, Security Patch, Advisory ID. . LinuxSecurity.com Team

Calendar%202 Dec 14, 2023 SuSE
100

SUSE: 2023:3767-1 Important: Bci/Dotnet-Runtime Security Advisory

The container bci/dotnet-runtime was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3767-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.10 , bci/dotnet-runtime:6.0.24 , bci/dotnet-runtime:6.0.24-16.10 Container Release : 16.10 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issueson aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN crosscompiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated . The latest SUSE container advisory for bci/dotnet-runtime addresses critical security vulnerabilities fixed via gcc13 updates, stressing the need for updated software to prevent threats. SUSE Container Update, Bci/Dotnet-Runtime, gcc Security Fix. . LinuxSecurity.com Team

Calendar%202 Nov 18, 2023 SuSE
100

SUSE: 2023:3758-1 Important Security Update for bci/rust Container

The container bci/rust was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3758-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-2.2.23 , bci/rust:oldstable , bci/rust:oldstable-2.2.23 Container Release : 2.23 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 -Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libasan8-13.2.1+git7813-150000.1.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - libtsan2-13.2.1+git7813-150000.1.6.1 updated - libubsan1-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated . A crucial security patch has been rolled out for the SUSE bci/rust container, tackling severe vulnerabilities and reinforcing overall system reliability.. SUSE Containers,bci rust,security update,container advisory. . LinuxSecurity.com Team

Calendar%202 Nov 17, 2023 SuSE
100

SUSE: 2023:3750-1 Important: suse/pcp Container Security Update

The container suse/pcp was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3750-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.58 , suse/pcp:5.2 , suse/pcp:5.2-15.58 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.58 , suse/pcp:latest Container Release : 15.58 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 withvariable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. -Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:bci-bci-init-15.5-15.5-10.33 updated . SUSE releases for suse/pcp container vulnerabilities involve critical updates and notices aimed at mitigating detected threats.. suse updates, container security patch, gcc security fixes. . LinuxSecurity.com Team

Calendar%202 Nov 17, 2023 SuSE
100

UBUNTU: 2023:4832-7 Critical: Docker Security Patch for Images

The container suse/nginx was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3744-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.33 , suse/nginx:latest Container Release : 5.33 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Workaround third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allowcross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated . SUSE Container Security Update: suse/apache launched featuring critical fixes for CVE-2023-4082 among other vulnerabilities.. Suse/Nginx, Security Advisory, Important Patches. . LinuxSecurity.com Team

Calendar%202 Nov 17, 2023 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":100,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200