Stay Vigilant with Timely Linux Security Advisories

security advisoryFedoracritical update

Fedora 39 Advisory 2024-334b3be641 Critical: SELinux Policy Enhancements

New F39 selinux-policy build. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-334b3be641 2024-01-30 04:21:41.500079 -------------------------------------------------------------------------------- Name : selinux-policy Product : Fedora 39 Version : 39.4 Release : 1.fc39 URL : https://github.com/fedora-selinux/selinux-policy Summary : SELinux policy configuration Description : SELinux core policy package. Originally based off of reference policy, the policy has been adjusted to provide support for Fedora. -------------------------------------------------------------------------------- Update Information: New F39 selinux-policy build -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 25 2024 Zdenek Pytela - 39.4-1 - Allow collectd read raw fixed disk device - Allow collectd read udev pid files - Allow httpd work with PrivateTmp - Allow certmonger read network sysctls - Allow systemd-sleep set attributes of efivarfs files - Allow spamd_update_t the sys_ptrace capability in user namespace - Allow alsa get attributes filesystems with extended attributes - Allow systemd-sleep send a message to syslog over a unix dgram socket -------------------------------------------------------------------------------- References: [ 1 ] Bug #2249960 - SELinux is preventing rm from getattr access on the filesystem /. https://bugzilla.redhat.com/show_bug.cgi?id=2249960 [ 2 ] Bug #2252484 - avc denials policykit_auth_t policykit_t spamd_update_t Fedora 39 https://bugzilla.redhat.com/show_bug.cgi?id=2252484 [ 3 ] Bug #2255693 - SELinux is preventing systemd-sleep from setattr access on the file /sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67. https://bugzilla.redhat.com/show_bug.cgi?id=2255693 [ 4 ] Bug #2258637 - [selinux] systemd cannot flush the privatetmp cache usedby php-fpm https://bugzilla.redhat.com/show_bug.cgi?id=2258637 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-334b3be641' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The Fedora 39 update brings an upgraded SELinux policy build, boosting both security measures and system capabilities.. Fedora Security Advisory, SELinux Policy Update, Systemd Enhancements. . Severity: Critical. LinuxSecurity.com Team

Jan 30, 2024 •Critical Fedora

security advisorysecurity issuekernel update

Fedora 38 FEDORA-2023-15deb2e32a critical kernel update overview of fixes

The 6.6.3 stable kernel update contains a number of important fixes across the tree.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-15deb2e32a 2023-12-04 01:50:38.988373 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 38 Version : 6.6.3 Release : 100.fc38 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.6.3 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Justin M. Forbes [6.6.3-0] - Add BugsFixed for 6.6.3 (Justin M. Forbes) - Update BugsFixed (Justin M. Forbes) - Turn on USB_DWC3 for Fedora (rhbz 2250955) (Justin M. Forbes) - Revert "netfilter: nf_tables: remove catchall element in GC sync path" (Justin M. Forbes) - More BugsFixed (Justin M. Forbes) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - frop the build number back to 200 for fedora-srpm.sh (Justin M. Forbes) - ACPI: video: Use acpi_device_fix_up_power_children() (Hans de Goede) - ACPI: PM: Add acpi_device_fix_up_power_children() function (Hans de Goede) - Linux v6.6.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250105 - CVE-2023-6111 kernel: netfilter: use-after-free when removing catchall element in GC sync path https://bugzilla.redhat.com/show_bug.cgi?id=2250105 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-15deb2e32a' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . A crucial kernel update for Fedora 38 brings critical fixes ensuring system stability and performance enhancements.. Fedora Kernel Update, Kernel Fixes, System Stability, Software Improvements. . Severity: Critical. LinuxSecurity.com Team

Dec 04, 2023 •Critical Fedora

security advisoryupdatebug fix

Rocky Linux 9 RLSA-2022:8057 Important Grafana Security Fix Overview

Important: grafana security, bug fix, and enhancement update. {"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:8057","synopsis":"Important: grafana security, bug fix, and enhancement update","severity":"SEVERITY_IMPORTANT","topic":"An update for grafana is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2044628","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2044628","description":"CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources"},{"ticket":"2045880","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2045880","description":"CVE-2022-21698 prometheus\/client_golang: Denial of service using InstrumentHandlerCounter"},{"ticket":"2050648","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050648","description":"CVE-2022-21702 grafana: XSS vulnerability in data source handling"},{"ticket":"2050742","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050742","description":"CVE-2022-21703 grafana: CSRF vulnerability can leadto privilege escalation"},{"ticket":"2050743","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050743","description":"CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure"},{"ticket":"2055349","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2055349","description":"Rebase of Grafana in RHEL 9.1"},{"ticket":"2065290","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2065290","description":"CVE-2021-23648 sanitize-url: XSS due to improper sanitization in sanitizeUrl function"},{"ticket":"2104367","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2104367","description":"CVE-2022-31107 grafana: OAuth account takeover"},{"ticket":"2107342","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107342","description":"CVE-2022-30631 golang: compress\/gzip: stack exhaustion in Reader.Read"},{"ticket":"2107371","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107371","description":"CVE-2022-30630 golang: io\/fs: stack exhaustion in Glob"},{"ticket":"2107374","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107374","description":"CVE-2022-1705 golang: net\/http: improper sanitization of Transfer-Encoding header"},{"ticket":"2107376","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107376","description":"CVE-2022-1962 golang: go\/parser: stack exhaustion in all Parse* functions"},{"ticket":"2107383","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107383","description":"CVE-2022-32148 golang: net\/http\/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"},{"ticket":"2107386","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107386","description":"CVE-2022-30632 golang: path\/filepath: stack exhaustion in Glob"},{"ticket":"2107388","sourceBy":"RedHat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107388","description":"CVE-2022-30635 golang: encoding\/gob: stack exhaustion in Decoder.Decode"},{"ticket":"2107390","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107390","description":"CVE-2022-28131 golang: encoding\/xml: stack exhaustion in Decoder.Skip"},{"ticket":"2107392","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107392","description":"CVE-2022-30633 golang: encoding\/xml: stack exhaustion in Unmarshal"}],"cves":[{"name":"CVE-2022-1705","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1705.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","cvss3BaseScore":"6.5","cwe":""},{"name":"CVE-2022-1962","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1962.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"5.5","cwe":"CWE-1325"},{"name":"CVE-2022-21698","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-21698.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-772"},{"name":"CVE-2022-28131","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-28131.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:H","cvss3BaseScore":"7.3","cwe":"CWE-1325"},{"name":"CVE-2022-30630","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30630.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30631","sourceBy":"RedHat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30631.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30632","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30632.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30633","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30633.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30635","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30635.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-32148","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-32148.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","cvss3BaseScore":"5.3","cwe":""}],"references":[],"publishedAt":"2023-01-30T05:27:10.028150Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}. A Grafana security patch has been released for Rocky Linux 9, addressing critical vulnerabilities and enhancing system integrity against threats. Grafana Security Update, Rocky Linux Patches, Important Security Fixes. . Severity: Important. LinuxSecurity.com Team

Jan 30, 2023 •Important Rocky Linux

security advisorydenial of servicekernel update

SUSE 15-SP4: 2022:3844-1 Important: Kernel Denial of Service Fix

An update that solves 15 vulnerabilities, contains 12 features and has 33 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3844-1 Rating: important References: #1185032 #1190497 #1194023 #1194869 #1195917 #1196444 #1196869 #1197659 #1198189 #1200288 #1200622 #1201309 #1201310 #1201987 #1202095 #1202960 #1203039 #1203066 #1203101 #1203197 #1203263 #1203338 #1203360 #1203361 #1203389 #1203410 #1203505 #1203552 #1203664 #1203693 #1203699 #1203767 #1203769 #1203770 #1203794 #1203798 #1203893 #1203902 #1203906 #1203908 #1203935 #1203939 #1203987 #1203992 #1204051 #1204059 #1204060 #1204125 PED-387 PED-529 PED-652 PED-664 PED-682 PED-688 PED-720 PED-729 PED-755 PED-763 SLE-19924 SLE-24814 Cross-References: CVE-2022-1263 CVE-2022-2586 CVE-2022-3202 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVSS scores: CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32296 (SUSE): 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains 12 features and has 33 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA devicewhile calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189). - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389). - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA:aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops(bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayedregistration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets tosiggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Movecs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupthandler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading searchoptions (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp-> running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load frominitrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - can: gs_usb: gs_can_open(): fix race dev-> can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handleinterrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). -drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device(git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt-> v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reportingof ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes). - KVM: x86: hyper-v: Dropredundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timerhandlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net:enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). -net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tcchains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Report RDMA connection errors to the server (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add supportfor Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove theunneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake "definiton" "definition" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc(bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task-> tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Fix memory leak in usbnet_disconnect() (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warmport reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). -watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes(jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer(bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3844=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3844=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3844=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3844=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3844=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3844=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3844=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -tpatch SUSE-SLE-Product-HA-15-SP4-2022-3844=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.28.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-default-5.14.21-150400.24.28.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1 gfs2-kmp-default-5.14.21-150400.24.28.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-base-rebuild-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-devel-5.14.21-150400.24.28.1 kernel-default-devel-debuginfo-5.14.21-150400.24.28.1 kernel-default-extra-5.14.21-150400.24.28.1 kernel-default-extra-debuginfo-5.14.21-150400.24.28.1 kernel-default-livepatch-5.14.21-150400.24.28.1 kernel-default-livepatch-devel-5.14.21-150400.24.28.1 kernel-default-optional-5.14.21-150400.24.28.1 kernel-default-optional-debuginfo-5.14.21-150400.24.28.1 kernel-obs-build-5.14.21-150400.24.28.1 kernel-obs-build-debugsource-5.14.21-150400.24.28.1 kernel-obs-qa-5.14.21-150400.24.28.1 kernel-syms-5.14.21-150400.24.28.1 kselftests-kmp-default-5.14.21-150400.24.28.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.28.1 ocfs2-kmp-default-5.14.21-150400.24.28.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 reiserfs-kmp-default-5.14.21-150400.24.28.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.28.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.28.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.28.1 kernel-kvmsmall-devel-5.14.21-150400.24.28.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.28.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.28.1 kernel-debug-debuginfo-5.14.21-150400.24.28.1 kernel-debug-debugsource-5.14.21-150400.24.28.1 kernel-debug-devel-5.14.21-150400.24.28.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.28.1 kernel-debug-livepatch-devel-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.28.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-64kb-5.14.21-150400.24.28.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 dtb-allwinner-5.14.21-150400.24.28.1 dtb-altera-5.14.21-150400.24.28.1 dtb-amazon-5.14.21-150400.24.28.1 dtb-amd-5.14.21-150400.24.28.1 dtb-amlogic-5.14.21-150400.24.28.1 dtb-apm-5.14.21-150400.24.28.1 dtb-apple-5.14.21-150400.24.28.1 dtb-arm-5.14.21-150400.24.28.1 dtb-broadcom-5.14.21-150400.24.28.1 dtb-cavium-5.14.21-150400.24.28.1 dtb-exynos-5.14.21-150400.24.28.1 dtb-freescale-5.14.21-150400.24.28.1 dtb-hisilicon-5.14.21-150400.24.28.1 dtb-lg-5.14.21-150400.24.28.1 dtb-marvell-5.14.21-150400.24.28.1 dtb-mediatek-5.14.21-150400.24.28.1 dtb-nvidia-5.14.21-150400.24.28.1 dtb-qcom-5.14.21-150400.24.28.1 dtb-renesas-5.14.21-150400.24.28.1 dtb-rockchip-5.14.21-150400.24.28.1 dtb-socionext-5.14.21-150400.24.28.1 dtb-sprd-5.14.21-150400.24.28.1 dtb-xilinx-5.14.21-150400.24.28.1 gfs2-kmp-64kb-5.14.21-150400.24.28.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-5.14.21-150400.24.28.1 kernel-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-debugsource-5.14.21-150400.24.28.1 kernel-64kb-devel-5.14.21-150400.24.28.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-extra-5.14.21-150400.24.28.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.28.1 kernel-64kb-optional-5.14.21-150400.24.28.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.28.1 kselftests-kmp-64kb-5.14.21-150400.24.28.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 ocfs2-kmp-64kb-5.14.21-150400.24.28.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 reiserfs-kmp-64kb-5.14.21-150400.24.28.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.28.1 kernel-docs-5.14.21-150400.24.28.1 kernel-docs-html-5.14.21-150400.24.28.1 kernel-macros-5.14.21-150400.24.28.1 kernel-source-5.14.21-150400.24.28.1 kernel-source-vanilla-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.28.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-extra-5.14.21-150400.24.28.1 kernel-default-extra-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-livepatch-5.14.21-150400.24.28.1 kernel-default-livepatch-devel-5.14.21-150400.24.28.1 kernel-livepatch-5_14_21-150400_24_28-default-1-150400.9.3.5 kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-1-150400.9.3.5 kernel-livepatch-SLE15-SP4_Update_4-debugsource-1-150400.9.3.5 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 reiserfs-kmp-default-5.14.21-150400.24.28.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.28.1 kernel-obs-build-debugsource-5.14.21-150400.24.28.1 kernel-syms-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.28.1 kernel-source-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-devel-5.14.21-150400.24.28.1 kernel-default-devel-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.28.1 kernel-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-debugsource-5.14.21-150400.24.28.1 kernel-64kb-devel-5.14.21-150400.24.28.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.28.1 kernel-macros-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.28.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.28.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-default-5.14.21-150400.24.28.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1 gfs2-kmp-default-5.14.21-150400.24.28.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 ocfs2-kmp-default-5.14.21-150400.24.28.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 References: https://www.suse.com/security/cve/CVE-2022-1263.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-3202.html https://www.suse.com/security/cve/CVE-2022-32296.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1185032 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1194023 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1195917 https://bugzilla.suse.com/1196444 https://bugzilla.suse.com/1196869 https://bugzilla.suse.com/1197659 https://bugzilla.suse.com/1198189 https://bugzilla.suse.com/1200288 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1201987 https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203039 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203101 https://bugzilla.suse.com/1203197 https://bugzilla.suse.com/1203263 https://bugzilla.suse.com/1203338 https://bugzilla.suse.com/1203360 https://bugzilla.suse.com/1203361 https://bugzilla.suse.com/1203389 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203505 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203664 https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1203699 https://bugzilla.suse.com/1203767 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203794 https://bugzilla.suse.com/1203798 https://bugzilla.suse.com/1203893 https://bugzilla.suse.com/1203902 https://bugzilla.suse.com/1203906 https://bugzilla.suse.com/1203908 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203939 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125 . SUSE Linux Kernel updates crucial security patches for vulnerabilities with significant enhancements. Keep secure!. SUSE Linux Kernel, kernel security, SUSE updates, Linux advisories. . Severity: Important. LinuxSecurity.com Team

Nov 01, 2022 •Important SuSE

security advisoryfedoramoderate severity

Fedora 36: FEDORA-2022-e3a794b591 Moderate: ET Stability Improvements

Several security and stability improvements. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-e3a794b591 2022-05-16 01:07:38.483117 --------------------------------------------------------------------------------Name : et Product : Fedora 36 Version : 6.2.1 Release : 2.fc36 URL : https://eternalterminal.dev/ Summary : Remote shell that survives IP roaming and disconnect Description : Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session. --------------------------------------------------------------------------------Update Information: Several security and stability improvements --------------------------------------------------------------------------------ChangeLog: * Fri May 6 2022 Michel Alexandre Salim 6.2.1-2 - Fix %cmake invocation to make it work on Rawhide * Fri May 6 2022 Michel Alexandre Salim 6.2.1-1 - Update to 6.2.1 --------------------------------------------------------------------------------References: [ 1 ] Bug #2029239 - [abrt] et: el::base::utils::abort(): et killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=2029239 [ 2 ] Bug #2039118 - et-6.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2039118 [ 3 ] Bug #2045358 - et: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2045358 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-e3a794b591' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Explore the latest advancements in Fedora 36, including critical security patches and improved stability for the Forever Terminal.. Fedora Update, ET Security Fixes, Remote Shell Improvements, System Stability Enhancements. . LinuxSecurity.com Team

May 15, 2022 Fedora

security advisorymoderatesecurity issue

SUSE: 2022:426-1 Moderate: Bci/Nodejs Security Patch Overview

The container bci/nodejs was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:426-1 Container Tags : bci/node:14 , bci/node:14-16.32 , bci/nodejs:14 , bci/nodejs:14-16.32 Container Release : 16.32 Severity : moderate Type : security References : 1186819 1196275 1196406 CVE-2021-3572 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). The following package changes have been done: - filesystem-15.0-11.8.1 updated - libpython3_6m1_0-3.6.15-150300.10.21.1 updated - python3-base-3.6.15-150300.10.21.1 updated - container:sles15-image-15.0.0-17.11.13 updated . The latest security enhancement for bci/nodejs containers addresses vulnerabilities and introduces system optimizations.. bci/nodejs security update, container advisory, SUSE patches. . LinuxSecurity.com Team

Mar 29, 2022 SuSE

security advisorymoderatesecurity update

openSUSE Leap 15.2 Security Update: froxlor Vulnerability Detected

An update that solves one vulnerability and has three fixes is now available. . openSUSE Security Update: Security update for froxlor ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0415-1 Rating: moderate References: #1025193 #1082318 #846355 #958100 Cross-References: CVE-2016-5100 CVSS scores: CVE-2016-5100 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for froxlor fixes the following issues: - Upstream upgrade to version 0.10.23 (boo#846355) - Upstream upgrade to version 0.10.22 (boo#846355) - BuildRequire cron as this contains now the cron directories - Use %license for COPYING file instead of %doc [boo#1082318] Upstream upgrade to version 0.9.40.1 (boo#846355) new features besides API that found their way in: - 2FA / TwoFactor Authentication for accounts - MySQL8 compatibility - new implementation of Let's Encrypt (acme.sh) - customizable error/access log handling for webserver (format, level, pipe-to-script, etc.) - lots and lots of bugfixes and small enhancements Upstream upgrade to version 0.9.39.5 (boo#846355) - PHP rand function for random number generation fixed in previous version (boo#1025193) CVE-2016-5100 - upstream upgrade to version 0.9.39 (boo#846355) - Add and change of froxlor config files and manual - Change Requires to enable use with php7 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-415=1 Package List: - openSUSE Leap 15.2 (noarch): froxlor-0.10.23-lp152.4.3.1 References: https://www.suse.com/security/cve/CVE-2016-5100.html https://bugzilla.suse.com/1025193 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/846355 https://bugzilla.suse.com/958100 . openSUSE has released a security update for froxlor addressing one medium vulnerability. This update includes improvements along with detailed patching guidelines.. openSUSE,froxlor updates,security fixes,system enhancements,authentication solutions. . LinuxSecurity.com Team

Mar 16, 2021 OpenSUSE

security advisorymoderateupdate

openSUSE Leap 15.2: 2021:0046-1 Moderate: Cobbler Update

An update that solves 6 vulnerabilities and has 58 fixes is now available. . openSUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0046-1 Rating: moderate References: #1020376 #1029276 #1048183 #1074594 #1075014 #1081714 #1081739 #1090205 #1097733 #1101670 #1104189 #1104190 #1104287 #1105440 #1105442 #1113747 #1128754 #1128926 #1130658 #1134588 #1149075 #1151875 #1156574 #1159010 #1169207 #1169553 #1169779 #1170462 #660126 #671212 #672471 #682665 #687891 #695955 #714618 #722443 #722445 #757062 #763610 #783671 #790545 #796773 #811025 #812948 #842699 #846580 #869371 #884051 #924118 #952844 #956264 #966622 #966841 #967523 #968406 #969538 #969541 #973413 #973418 #976826 #980577 #984998 #986978 #988889 Cross-References: CVE-2011-4953 CVE-2012-2395 CVE-2017-1000469 CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 58 fixes is now available. Description: This update for cobbler fixes the following issues: - Add cobbler-tests subpackage for unit testing for openSUSE/SLE - Adds LoadModule definitions for openSUSE/SLE - Switch to new refactored auth module. - use systemctl to restart cobblerd on logfile rotation (boo#1169207) Mainline logrotate conf file uses already /sbin/service instead of outdated: /etc/init.d/cobblerd - Fix cobbler sync for DHCP or DNS (boo#1169553) Fixed mainline by commit 2d6cfe42da - Signatures file now uses "default_autoinstall" which fixes import problemhappening with some distributions (boo#1159010) - Fix for kernel and initrd detection (boo#1159010) - New: * For the distro there is now a parameter remote_boot_initrd and remote_boot_kernel () * For the profile there is now a parameter filename for DHCP. (#2280) * Signatures for ESXi 6 and 7 (#2308) * The hardlink command is now detected more dynamically and thus more error resistant (#2297) * HTTPBoot will now work in some cases out of the bug. (#2295) * Additional DNS query for a case where the wrong record was queried in the nsupdate system case (#2285) - Changes: * Enabled a lot of tests, removed some and implemented new. (#2202) * Removed not used files from the codebase. (#2302) * Exchanged mkisofs to xorrisofs. (#2296) * Removed duplicate code. (#2224) * Removed unreachable code. (#2223) * Snippet creation and deletion now works again via xmlrpc. (#2244) * Replace createrepo with createrepo_c. (#2266) * Enable Kerberos through having a case sensitive users.conf. (#2272) - Bugfixes: * General various Bugfixes (#2331, ) * Makefile usage and commands. (#2344, #2304) * Fix the dhcp template. (#2314) * Creation of the management classes and gPXE. (#2310) * Fix the scm_track module. (#2275, #2279) * Fix passing the netdevice parameter correctly to the linuxrc. (#2263) * powerstatus from cobbler now works thanks to a wrapper for ipmitool. (#2267) * In case the LDAP is used for auth, it now works with ADs. (#2274) * Fix passthru authentication. (#2271) - Other: * Add Codecov. (#2229) * Documentation updates. (#2333, #2326, #2305, #2249, #2268) * Buildprocess: * Recreation and cleanup of Grub2. (#2278) * Fix small errors for openSUSE Leap. (#2233) * Fix rpmlint errors. (#2237) * Maximum compatibility for debbuild package creation. (#2255, #2292, #2242, #2300) * Fixes related to our CI Pipeline (#2254,#2269) * Internal Code cleanup (#2273, #2270) - Breaking Changes: * Hash handling in users.digest file. (#2299) - Updated to version 3.1.1. * Introduce new packaging from upstream * Changelog see below - New: * We are now having a cross-distro specfile which can be build in the OBS (#2220) - before rewritten it was improved by #2144 & #2174 * Grub Submenu for net-booting machines (#2217) * Building the Cent-OS RPMs in Docker (#2190 #2189) * Reintroduced manpage build in setup.py (#2185) * mgmt_parameters are now passed to the dhcp template (#2182) * Using the standard Pyhton3 logger instead of a custom one (#2160 #2139 #2151) * Script for converting the settings file from 3.0.0 to 3.0.1 (#2154) * Docs now inside the repo instead of cobbler.github.io and improved with sphinx (#2117) - Changes: * The default tftpboot directory is now /var/lib/tftpboot instead of previously /srv/tftpboot (#2220) * Distro signatures were adjusted where necessary (#2219 #2134) * Removed requirements.txt and placed the requirements in setup.py (#2204) * Display only entries in grub which are from the same arch (#2191 #2216) * Change the name of the cobbler manpage form cobbler-cli to cobbler back and move it to section 8 (#2188 #2186) - Bugfixes: * Incremented Version to 3.1.1 from 3.0.1 * S390 Support was cleaned up (#2207 #2178) * PowerPC Support was cleaned up (#2178) * Added a missing import while importing a distro with cobbler import (#2201) * Fixed a case where a stacktrace would be produced so pass none instead (#2203) * Rename of suse_kopts_textmode_overwrite to kops_overwrite to utils (#2143 #2200) * Fix rsync subprocess call (#2199 #2179) * Fixed an error where the template rendering did not work (#2176) * Fixed some cobbler import errors (#2172) * Wrong shebang in various scripts (#2148) * Fix some importswhich fixes errors introduced by the remodularization (#2150 #2153) - Other: * Issue Templates for Github (#2187) - Update to latest git HEAD code base This version (from mainline so for quite a while already) also includes fixes for "boo#1149075" and boo#1151875 - Fix for cobbler import and buildiso (boo#1156574) - Adjusted manpage creation (needs sphinx as BuildRequires) - Fix cobbler sync for dhcp and dns enabled due to latest module renaming patches - Update to latest git HEAD - Fixes permission denied in apache2 context when trying to write cobbler log - Fixes a bad import in import_signature (item) - Fixes bad shebang bash path in mkgrub.sh (used in post section) - Now track Github master branch WARNING: This release contains breaking changes for your settings file! * Notable changes: - Now using standard python logger - Updated dhcpd.template - Removed fix_shebang.patch: now in upstream. - added -s parameter to fdupes call to prevent hardlink across partititons - Update to latest v3.0.0 cobbler release - Add previouly added patch: exclude_get-loaders_command.patch to the list of patches to apply. - Fix log file world readable (as suggested by Matthias Gerstner) and change file attributes via attr in spec file - Do not allow get-loaders command (download of third party provided network boot loaders we do not trust) - Mainline fixes: 3172d1df9b9cc8 Add missing help text in redhat_management_key field c8f5490e507a72 Set default interface if cobbler system add has no --interface= param 31a1aa31d26c4a Remove apache IfVersion tags from apache configs - Integrated fixes that came in from mainline from other products (to calm down obs regression checker): CVE-2011-4953, fate#312397, boo#660126, boo#671212, boo#672471, boo#682665 boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610 boo#783671, boo#790545,boo#796773, boo#811025, boo#812948, boo#842699 boo#846580, boo#869371, boo#884051, boo#976826, boo#984998 Some older bugs need boo# references as well: boo#660126, boo#671212, boo#672471, boo#682665 boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610 boo#783671, boo#790545, boo#796773, boo#811025, boo#812948, boo#842699 boo#846580, boo#869371, boo#884051 - Fix for redhat_management_key not being listed as a choice during profile rename (boo#1134588) - Added: * rhn-mngmnt-key-field-fix.diff - Fixes distribution detection in setup.py for SLESo - Added: * changes-detection-to-distro-like-for-suse-distributions.diff - Moving to pytest and adding Docker test integration - Added: * add-docker-integration-testing.diff * refactor-unittest-to-pytest.diff - Additional compatability changes for old Koan versions. - Modified: * renamed-methods-alias-part2.patch - Old Koan versions not only need method aliases, but also need compatible responses - Added: * renamed-methods-alias-part2.patch - Add the redhat_managment_* fields again to enable templating in SUMA. - Added: * revert-redhat-management-removal.patch - Changes return of last_modified_time RPC to float - Added: * changes-return-to-float.diff - provide old name aliases for all renamed methods: - get_distro_for_koan => get_distro_as_rendered - get_profile_for_koan => get_profile_as_rendered - get_system_for_koan => get_system_as_rendered - get_repo_for_koan => get_repo_as_rendered - get_image_for_koan => get_image_as_rendered - get_mgmtclass_for_koan => get_mgmtclass_as_rendered - get_package_for_koan => get_package_as_rendered - get_file_for_koan => get_file_as_rendered - Renamed: get_system_for_koan.patch => renamed-methods-alias.patch - provide renamed method "get_system_for_koan" under old name for old clients. -Added: * get_system_for_koan.patch - Bring back power_system method in the XML-RPC API - Changed lanplus option to lanplus=true in fence_ipmitool.template - Added: * power_system_xmlrpc_api.patch - Changed: * fence_ipmitool.template - Disables nsupdate_enabled by default - Added: * disable_nsupdate_enabled_by_default.diff - Fixes issue in distribution detection with "lower" function call. - Modified: * remodeled-distro-detection.diff - Adds imporoved distribution detection. Since now all base products get detected correctly, we no longer need the SUSE Manager patch. - Added: * remodeled-distro-detection.diff - fix grub directory layout - Added: * create-system-directory-at-the-correct-place.patch - fix HTTP status code of XMLRPC service - Added: * fix-http-status-code.patch - touch /etc/genders when it not exists (boo#1128926) - Add patches to fix logging - Added: * return-the-name-of-the-unknown-method.patch * call-with-logger-where-possible.patch - Switching version schema from 3.0 to 3.0.0 - Fixes case where distribution detection returns None (boo#1130658) - Added: * fixes-distro-none-case.diff - Removes newline from token, which caused authentication error (boo#1128754) - Added: * remove-newline-from-token.diff - Added a patch which fixes an exception when login in with a non-root user. - Added: * fix-login-error.patch - Added a patch which fixes an exception when login in with a non-root user. - Added: * fix-login-error.patch - Remove patch merged at upstream: * 0001-return-token-as-string.patch - change grub2-x86_64-efi dependency to Recommends - grub2-i386pc is not really required. Changed to recommended to allow building for architectures other than x86_64 - Use cdrtools starting with SLE-15 and Leap-15 again. (boo#1081739) - Update cobbler loaders server hostname (boo#980577) - Update outdatedapache config (boo#956264) - Replace builddate with changelog date to fix build-compare (boo#969538) - LOCKFILE usage removed on openSUSE (boo#714618) - Power management subsystem completely re-worked to prevent command-injection (CVE-2012-2395) - Removed patch merged at upstream: * cobblerd_needs_apache2_service_started.patch - Checking bug fixes of released products are in latest develop pkg: - remove fix-nameserver-search.fix; bug is invalid (boo#1029276) -> not needed anymore - fix cobbler yaboot handling (boo#968406, boo#966622) -> no yaboot support anymore - support UEFI boot with cobbler generated tftp tree (boo#1020376) -> upstream - Enabling PXE grub2 support for PowerPC (boo#986978) -> We have grub2 support for ppc64le - (boo#1048183) fix missing args and location for xen -> is in - no koan support anymore: boo#969541, boo#924118, boo#967523 - not installed (boo#966841) works. - These still have to be looked at: SUSE system as systemd only (boo#952844) handle list value for kernel options correctly (boo#973413) entry in pxe menu (boo#988889) - This still has to be switched off (at least in internal cobbler versions): Disabling 'get-loaders' command and 'check' fixed. boo#973418 - Add explicity require to tftp, so it is used for both SLE and openSUSE (originally from This email address is being protected from spambots. You need JavaScript enabled to view it.) - Moved Recommends according to spec_cleaner - Require latest apache2-mod_wsgi-python3 package This fixes interface to ... - Use latest github cobbler/cobbler master branch in _service file - cobblerd_needs_apache2_service_started.patch reverted, that is mainline now: - Only recommend grub2-arm and grub2-ppc packages or we might not be able to build on factory where arm/ppc might not be built - Remove genders package requires. A genders file is generated, but we do not need/use the genders package. - Update to latest cobbler version 3.0 mainline gitHEAD version and remove already integrated or not needed anymore patches. - Serial console support added, did some testing already Things should start to work as expected - Add general grub2 support - Put mkgrub.* into mkgrub.sh - Add git date and commit to version string for now - Add grub2 mkimage scripts: mkgrub.i386-pc mkgrub.powerpc-ieee1275 mkgrub.x86_64-efi mkgrub.arm64-efi and generate grub executables with them in the %post section - build server wants explicite package in BuildRequires; use tftp - require tftp(server) instead of atftp - cleanup: cobbler is noarch, so arch specific requires do not make sense - SLES15 is using /etc/os-release instead of /etc/SuSE-release, use this one for checking also - add sles15 distro profile (boo#1090205) - fix signature for SLES15 (boo#1075014) - fix signature for SLES15 (boo#1075014) - fix koan wait parameter initialization - Fix koan shebang - Escape shell parameters provided by the user for the reposync action (CVE-2017-1000469) (boo#1074594) - detect if there is already another instance of "cobbler sync" running and exit with failure if so (boo#1081714) - do not try to hardlink to a symlink. The result will be a dangling symlink in the general case (boo#1097733) - fix service restart after logrotate for cobblerd (boo#1113747) - rotate cobbler logs at higher frequency to prevent disk fillup (boo#1113747) - Forbid exposure of private methods in the API (CVE-2018-10931) (CVE-2018-1000225) (boo#1104287) (boo#1104189) (boo#1105442) - Check access token when calling 'modify_setting' API endpoint (boo#1104190) (boo#1105440) (CVE-2018-1000226) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-46=1 PackageList: - openSUSE Leap 15.2 (noarch): cobbler-3.1.2-lp152.6.3.1 cobbler-tests-3.1.2-lp152.6.3.1 cobbler-web-3.1.2-lp152.6.3.1 References: https://www.suse.com/security/cve/CVE-2011-4953.html https://www.suse.com/security/cve/CVE-2012-2395.html https://www.suse.com/security/cve/CVE-2017-1000469.html https://www.suse.com/security/cve/CVE-2018-1000225.html https://www.suse.com/security/cve/CVE-2018-1000226.html https://www.suse.com/security/cve/CVE-2018-10931.html https://bugzilla.suse.com/1020376 https://bugzilla.suse.com/1029276 https://bugzilla.suse.com/1048183 https://bugzilla.suse.com/1074594 https://bugzilla.suse.com/1075014 https://bugzilla.suse.com/1081714 https://bugzilla.suse.com/1081739 https://bugzilla.suse.com/1090205 https://bugzilla.suse.com/1097733 https://bugzilla.suse.com/1101670 https://bugzilla.suse.com/1104189 https://bugzilla.suse.com/1104190 https://bugzilla.suse.com/1104287 https://bugzilla.suse.com/1105440 https://bugzilla.suse.com/1105442 https://bugzilla.suse.com/1113747 https://bugzilla.suse.com/1128754 https://bugzilla.suse.com/1128926 https://bugzilla.suse.com/1130658 https://bugzilla.suse.com/1134588 https://bugzilla.suse.com/1149075 https://bugzilla.suse.com/1151875 https://bugzilla.suse.com/1156574 https://bugzilla.suse.com/1159010 https://bugzilla.suse.com/1169207 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169779 https://bugzilla.suse.com/1170462 https://bugzilla.suse.com/660126 https://bugzilla.suse.com/671212 https://bugzilla.suse.com/672471 https://bugzilla.suse.com/682665 https://bugzilla.suse.com/687891 https://bugzilla.suse.com/695955 https://bugzilla.suse.com/714618 https://bugzilla.suse.com/722443 https://bugzilla.suse.com/722445 https://bugzilla.suse.com/757062 https://bugzilla.suse.com/763610 https://bugzilla.suse.com/783671 https://bugzilla.suse.com/790545 https://bugzilla.suse.com/796773 https://bugzilla.suse.com/811025 https://bugzilla.suse.com/812948 https://bugzilla.suse.com/842699 https://bugzilla.suse.com/846580 https://bugzilla.suse.com/869371 https://bugzilla.suse.com/884051 https://bugzilla.suse.com/924118 https://bugzilla.suse.com/952844 https://bugzilla.suse.com/956264 https://bugzilla.suse.com/966622 https://bugzilla.suse.com/966841 https://bugzilla.suse.com/967523 https://bugzilla.suse.com/968406 https://bugzilla.suse.com/969538 https://bugzilla.suse.com/969541 https://bugzilla.suse.com/973413 https://bugzilla.suse.com/973418 https://bugzilla.suse.com/976826 https://bugzilla.suse.com/980577 https://bugzilla.suse.com/984998 https://bugzilla.suse.com/986978 https://bugzilla.suse.com/988889 . The latest update addresses various concerns within the cobbler system, improving its capabilities with additional functionalities while phasing out obsolete components.. openSUSE Security Update,cobbler fixes,moderate security update,system enhancements. . LinuxSecurity.com Team

Jan 11, 2021 OpenSUSE

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Fedora 44 Transmission 4.1.2 Important Clickjacking Fix CVE-2026-38978

Fedora 44 libre 4.8.1 Critical Update Details for Real-Time Communication

Fedora 44 NextCloud Update Denial of Service JSON Tampering 2026-30881a5be7

Fedora 44 python-starlette Security Fix for CVE-2026-48710

Fedora 44 perl-Cpanel-JSON-XS Moderate Denial of Service CVE-2026-9516

Fedora 44 rubygem-yard High Path Traversal Fix Vuln 2026-acefc1fe48

Fedora 44 Rust Sequoia Sop Low-Severity Fix Advisory 2026-5c5f4f40a4

Fedora 44 rust-sequoia-sq Low Threat Security Advisory 2026-5c5f4f40a4

Fedora 44 rust-sequoia-wot Low Severity Security Fix 2026-5c5f4f40a4

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 39 Advisory 2024-334b3be641 Critical: SELinux Policy Enhancements

Fedora 38 FEDORA-2023-15deb2e32a critical kernel update overview of fixes

Rocky Linux 9 RLSA-2022:8057 Important Grafana Security Fix Overview

SUSE 15-SP4: 2022:3844-1 Important: Kernel Denial of Service Fix

Fedora 36: FEDORA-2022-e3a794b591 Moderate: ET Stability Improvements

SUSE: 2022:426-1 Moderate: Bci/Nodejs Security Patch Overview

openSUSE Leap 15.2 Security Update: froxlor Vulnerability Detected

openSUSE Leap 15.2: 2021:0046-1 Moderate: Cobbler Update

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Fedora 44 Transmission 4.1.2 Important Clickjacking Fix CVE-2026-38978

Fedora 44 libre 4.8.1 Critical Update Details for Real-Time Communication

Fedora 44 NextCloud Update Denial of Service JSON Tampering 2026-30881a5be7

Fedora 44 python-starlette Security Fix for CVE-2026-48710

Fedora 44 perl-Cpanel-JSON-XS Moderate Denial of Service CVE-2026-9516

Fedora 44 rubygem-yard High Path Traversal Fix Vuln 2026-acefc1fe48

Fedora 44 Rust Sequoia Sop Low-Severity Fix Advisory 2026-5c5f4f40a4

Fedora 44 rust-sequoia-sq Low Threat Security Advisory 2026-5c5f4f40a4

Fedora 44 rust-sequoia-wot Low Severity Security Fix 2026-5c5f4f40a4

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!