Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 16 articles for you...
100
security advisorykernel patchimportantSUSE 15 SP3: 2025:0101-1 important: Kernel Live Patch Update
* bsc#1210619 * bsc#1218487 * bsc#1220145 * bsc#1220537 * bsc#1221302 . # Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:0101-1 Release Date: 2025-01-14T17:04:00Z Rating: important References: * bsc#1210619 * bsc#1218487 * bsc#1220145 * bsc#1220537 * bsc#1221302 * bsc#1222685 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223683 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225302 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225733 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1227651 * bsc#1228573 * bsc#1229553 * bsc#1232637 * bsc#1233712 Cross-References: * CVE-2021-46955 * CVE-2021-47291 * CVE-2021-47378 * CVE-2021-47383 * CVE-2021-47402 * CVE-2021-47598 * CVE-2022-48651 * CVE-2022-48956 * CVE-2023-1829 * CVE-2023-52752 * CVE-2023-6531 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35864 * CVE-2024-35950 * CVE-2024-36904 * CVE-2024-36964 * CVE-2024-41059 * CVE-2024-43861 * CVE-2024-50264 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46955 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47291 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 (SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 27 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues. The following security issues were fixed: * CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-> trans (bsc#1233712). * CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637). * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733). * CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fixuse-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev-> mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb-> mac_header (bsc#1223514). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKBraces with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-101=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-101=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_153-default-11-150300.7.6.1 * kernel-livepatch-SLE15-SP3_Update_42-debugsource-11-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-11-150300.7.6.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-11-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_153-preempt-11-150300.7.6.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_153-default-11-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2021-47402.html * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48956.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-6531.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html *https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36904.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://www.suse.com/security/cve/CVE-2024-43861.html * https://www.suse.com/security/cve/CVE-2024-50264.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1218487 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225733 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1229553 * https://bugzilla.suse.com/show_bug.cgi?id=1232637 * https://bugzilla.suse.com/show_bug.cgi?id=1233712 . Vital security patches for Fedora Linux Kernel address significant vulnerabilities with key enhancements and modifications.. SUSE Linux Enterprise, Kernel Patch, Security Updates, Live Patching, System Fixes. . Severity: Important. LinuxSecurity.com Team
Jan 14, 2025
•Important
SuSE
89
security advisorykernel updateFedoraFedora 40: 6.8.5 Critical Advisory: Kernel Update Issues Resolved
The 6.8.5 stable kernel update contains a number of important fixes across the tree. . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-6d35739db7 2024-04-13 03:40:51.150308 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 40 Version : 6.8.5 Release : 301.fc40 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.8.5 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 11 2024 Justin M. Forbes [6.8.5-301] - nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) - Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) - Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit (Archie Pusaka) * Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) - Add AMD PMF bug (Justin M. Forbes) - redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari) - Add CVE fix for 6.8.5 (Justin M. Forbes) - Linux v6.8.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2273968 - CVE-2024-26811 kernel: ksmbd: validate payload size in ipc response [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2273968 [ 2 ] Bug #2274047 - Bluetooth headset partially connects under some circumstances with blues 5.73-3.fc40.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=2274047 [ 3 ] Bug #2274069 - AMD-PMF driver fails to load on kernel- 6.8.4-300.fc40.x86_64. Resulting in GPU failing to use full gpu available watts. https://bugzilla.redhat.com/show_bug.cgi?id=2274069 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6d35739db7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 13, 2024
•Critical
Fedora
89
security advisoryFedoracritical issuesFedora 38: FEDORA-2023-a4c606585e Critical: Xenstored Issues
xenstored: A transaction conflict can crash C Xenstored [XSA-440, CVE-2023-34323] x86/AMD: missing IOMMU TLB flushing [XSA-442, CVE-2023-34326] Multiple vulnerabilities in libfsimage disk handling [XSA-443, CVE-2023-34325] x86/AMD: Debug Mask handling [XSA-444, CVE-2023-34327, CVE-2023-34328]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-a4c606585e 2023-10-26 01:50:50.421546 -------------------------------------------------------------------------------- Name : xen Product : Fedora 38 Version : 4.17.2 Release : 4.fc38 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: xenstored: A transaction conflict can crash C Xenstored [XSA-440, CVE-2023-34323] x86/AMD: missing IOMMU TLB flushing [XSA-442, CVE-2023-34326] Multiple vulnerabilities in libfsimage disk handling [XSA-443, CVE-2023-34325] x86/AMD: Debug Mask handling [XSA-444, CVE-2023-34327, CVE-2023-34328] -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 10 2023 Michael Young - 4.17.2-4 - xenstored: A transaction conflict can crash C Xenstored [XSA-440, CVE-2023-34323] - x86/AMD: missing IOMMU TLB flushing [XSA-442, CVE-2023-34326] - Multiple vulnerabilities in libfsimage disk handling [XSA-443, CVE-2023-34325] - x86/AMD: Debug Mask handling [XSA-444, CVE-2023-34327, CVE-2023-34328] * Sun Oct 8 2023 Michael Young - 4.17.2-3 - rebuild (f40) for OCaml 5.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-a4c606585e' at the command line. For moreinformation, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 26, 2023
•Critical
Fedora
100
security advisoryvulnerabilityimportantSUSE: 2022:2351-1 Important: Python3 Command Injection Risk
An update that solves two vulnerabilities and has three fixes is now available. . SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2351-1 Rating: important References: #1186819 #1190566 #1192249 #1193179 #1198511 Cross-References: CVE-2015-20107 CVE-2021-3572 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2021-3572 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSEManager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from from python-base libraries in _libdir (bsc#1193179, bsc#1192249). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2351=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2351=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2351=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2351=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2351=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2351=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2351=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2351=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2351=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patchSUSE-SLE-Product-SLES-15-SP1-BCL-2022-2351=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2351=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2351=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2351=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2351=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Manager Proxy 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-base-debuginfo-3.6.15-150000.3.106.1 python3-core-debugsource-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE CaaS Platform 4.0 (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 https://bugzilla.suse.com/1190566 https://bugzilla.suse.com/1192249 https://bugzilla.suse.com/1193179 https://bugzilla.suse.com/1198511 . SUSE has issued an important update for python3, addressing multiple vulnerabilities and enhancing system performance with essential patching instructions for users to follow. SUSE Python3 Update,SUSE Security Fixes,Python3 Vulnerabilities,SUSE Patch Instructions. . Severity: Important. LinuxSecurity.com Team
Jul 11, 2022
•Important
SuSE
100
security advisorykernel updateimportantSUSE Linux Enterprise 12-SP5: 2022:2080-1 Important: Kernel Update
An update that solves 18 vulnerabilities and has 27 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2080-1 Rating: important References: #1024718 #1055117 #1061840 #1065729 #1129770 #1158266 #1162338 #1162369 #1173871 #1188885 #1194124 #1195612 #1195651 #1196426 #1196570 #1197219 #1197601 #1198438 #1198577 #1198899 #1198989 #1199035 #1199063 #1199237 #1199239 #1199314 #1199399 #1199426 #1199505 #1199507 #1199526 #1199602 #1199605 #1199606 #1199631 #1199650 #1199671 #1199839 #1200015 #1200045 #1200057 #1200143 #1200144 #1200173 #1200249 Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2021-39711 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-24448 CVE-2022-30594 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 18 vulnerabilities and has 27 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out ofbounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770) - arm64: set plt* section addresses to 0x0 (git-fixes) - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes) - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes) - arm64: avoid -Woverride-init warning (git-fixes) - arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default config too. - arm64: Clear OSDLR_EL1 on CPU boot (git-fixes) - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes). - arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes) - arm64: compat: Reduce address limit (git-fixes) - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes) - arm64:cpufeature: Fix the type of no FP/SIMD capability (git-fixes) - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes) - arm64: csum: Fix handling of bad packets (git-fixes) - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes) - arm64: debug: Ensure debug handlers check triggering exception level (git-fixes) - arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes) - arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: Fix HCR.TGE status for NMI contexts (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: Fix size of __early_cpu_boot_status (git-fixes) - arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes) - arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes) - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes) - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes) - arm64: futex: Restore oldval initialization to work around buggy (git-fixes) - arm64: hibernate: check pgd table allocation (git-fixes) - arm64: hugetlb: avoid potential NULL dereference (git-fixes) - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes) - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes) - arm64: kdump: update ppos when reading elfcorehdr (git-fixes) - arm64: kgdb: Fix single-step exception handling oops (git-fixes) - arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: RelaxGIC version check during early boot (git-fixes) - arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes) - arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes) - arm64: smp: fix smp_send_stop() behaviour (git-fixes) - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: handle non-remapped addresses in -> mmap and (git-fixes) - arm64: avoid fixmap race condition when create pud mapping (git-fixes) - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes) - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (bsc#1197601). - crypto: virtio - deal with unsupported input sizes (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drivers: net: xgene: Fix regression in CRC stripping (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770) - i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (git-fixes). - i40e: Fix theconditional for i40e_vc_validate_vqs_bitmaps (git-fixes). - i40e: Fix virtchnl_queue_select bitmap validation (git-fixes). - i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes). - i40e: Remove scheduling while atomic possibility (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes). - lpfc: drop driver update 14.2.0.x The amount of backport changes necessary for due to the refactoring is introducing to much code churn and is likely to introduce regressions. This ends the backport effort to keep the lpfc in sync with mainline. - lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899). - media: cpia2: fix control-message timeouts (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: em28xx: fix control-message timeouts. - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: netup_unidvb:Do not leak SPI master in probe error path (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: vim2m: Remove surplus name initialization (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - PCI / ACPI: Mark expected switch fall-through (git-fixes). - PCI: Do not enable AtomicOps on VFs (bsc#1129770) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc: Enable the DAWR onPOWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - qed: display VF trust config (git-fixes). - qed: return status of qed_iov_get_link (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - sched/core: Add __sched tag for io_schedule() (git-fixes) - sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200045). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - USB: cdc-wdm: fix reading stuck on device close (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Do not send unintended link state change (git-fixes). - USB: hub: Fix locking issues with address0_mutex (git-fixes). - USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - USB: quirks: add a Realtek card reader (git-fixes). - USB: quirks: add STRING quirk for VCOM device (git-fixes). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - USB: serial: option: add Fibocom L610 modem (git-fixes). - USB: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - video: backlight: Drop maximum brightness override for brightness (bsc#1129770) - video: hyperv_fb: Fix validation of screen resolution (bsc#1129770) - vxlan: fix memleak of fdb (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2080=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.100.1 kernel-source-azure-4.12.14-16.100.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.100.2 kernel-azure-base-4.12.14-16.100.2 kernel-azure-base-debuginfo-4.12.14-16.100.2 kernel-azure-debuginfo-4.12.14-16.100.2 kernel-azure-debugsource-4.12.14-16.100.2 kernel-azure-devel-4.12.14-16.100.2 kernel-syms-azure-4.12.14-16.100.1 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-39711.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1162338 https://bugzilla.suse.com/1162369 https://bugzilla.suse.com/1173871 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1194124 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1197219 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198899 https://bugzilla.suse.com/1198989 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199237 https://bugzilla.suse.com/1199239 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199399 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199526 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199606 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199671 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200057 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200173 https://bugzilla.suse.com/1200249 . Essential patches released for SUSE Linux Kernel, targeting various security vulnerabilities and enhancing system performance.. SUSE Linux Kernel Update, Security Fixes, Linux Security Advisory. . Severity: Important. LinuxSecurity.com Team
Jun 14, 2022
•Important
SuSE
89
security advisorymoderatefedoraFedora 36: 2022-8095b23575 Moderate Kernel Update: Critical Fixes
The 5.17.11 stable kernel update contains a number of important fixes across the tree.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-8095b23575 2022-05-28 01:13:38.361017 --------------------------------------------------------------------------------Name : kernel Product : Fedora 36 Version : 5.17.11 Release : 300.fc36 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package --------------------------------------------------------------------------------Update Information: The 5.17.11 stable kernel update contains a number of important fixes across the tree. --------------------------------------------------------------------------------ChangeLog: * Wed May 25 2022 Justin M. Forbes [5.17.11-0] - Linux v5.17.11 (Justin M. Forbes) * Wed May 25 2022 Justin M. Forbes [5.17.11-0] - Linux v5.17.11 * Wed May 25 2022 Justin M. Forbes [5.17.10-0] - fedora: Re-enable efifb and vesafb drivers (Javier Martinez Canillas) - drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set (Javier Martinez Canillas) --------------------------------------------------------------------------------References: [ 1 ] Bug #2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation https://bugzilla.redhat.com/show_bug.cgi?id=2086753 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-8095b23575' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 27, 2022
•Important
Fedora
89
security advisorycriticalFedoraFedora 35: FEDORA-2022-fd85148be2 Critical Kernel Update Notice
The 5.17.6 stable kernel updates contain a number of important fixes across the tree.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-fd85148be2 2022-05-11 01:22:59.731881 --------------------------------------------------------------------------------Name : kernel Product : Fedora 35 Version : 5.17.6 Release : 200.fc35 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package --------------------------------------------------------------------------------Update Information: The 5.17.6 stable kernel updates contain a number of important fixes across the tree. --------------------------------------------------------------------------------ChangeLog: * Mon May 9 2022 Justin M. Forbes [5.17.6-0] - fedora: arm: Enable new Rockchip 356x series drivers (Peter Robinson) - fedora: arm: enable DRM_I2C_NXP_TDA998X on aarch64 (Peter Robinson) - Add config entry for CONFIG_BLK_DEV_FD_RAWCMD (Justin M. Forbes) - Update changelog (Justin M. Forbes) --------------------------------------------------------------------------------References: [ 1 ] Bug #2080330 - kernel: Concurrency use-after-free in floppy's raw_cmd https://bugzilla.redhat.com/show_bug.cgi?id=2080330 [ 2 ] Bug #2080940 - CVE-2022-29968 kernel: io_rw_init_file in fs/io_uring.c lacks initialization of kiocb-> private https://bugzilla.redhat.com/show_bug.cgi?id=2080940 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-fd85148be2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 10, 2022
•Critical
Fedora
202
security advisorydenial of servicesecurity updateopenSUSE 15.3, 15.4 Important: Linux Kernel Security Update (DoS)
An update that solves 22 vulnerabilities and has 22 fixes is now available. . openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:1039-1 Rating: important References: #1176447 #1176774 #1178134 #1179439 #1181147 #1191428 #1192273 #1193731 #1193787 #1193864 #1194463 #1194516 #1194943 #1195051 #1195211 #1195254 #1195353 #1195403 #1195612 #1195897 #1195905 #1195939 #1195949 #1195987 #1196079 #1196095 #1196130 #1196132 #1196155 #1196299 #1196301 #1196433 #1196468 #1196472 #1196488 #1196627 #1196723 #1196779 #1196830 #1196836 #1196866 #1196868 #1196956 #1196959 Cross-References: CVE-2021-0920 CVE-2021-39657 CVE-2021-39698 CVE-2021-44879 CVE-2021-45402 CVE-2022-0487 CVE-2022-0617 CVE-2022-0644 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25636 CVE-2022-26490 CVE-2022-26966 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45402 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45402 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24958 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24958 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-25258 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25258 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25636 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25636 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 22 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove()in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev-> buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: The check_alu_op functionin kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - EDAC/altera: Fix deferred probing (bsc#1178134). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - moveregulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - Revert "USB: serial: ch341: add new Product ID for CH341A" (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ata: pata_hpt37x: disableprimary channel on HPT371 (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - constraints: Also adjust disk requirement for x86 and s390. - constraints: Increase disk space for aarch64 - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444(git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - kernel-binary.spec.in: Move20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fixwrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Removedcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - rpm/*.spec.in: Use https:// urls - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: FixStalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1039=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1039=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.60.4 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 dlm-kmp-preempt-5.3.18-150300.59.60.4 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 gfs2-kmp-preempt-5.3.18-150300.59.60.4 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-5.3.18-150300.59.60.4 kernel-preempt-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-debugsource-5.3.18-150300.59.60.4 kernel-preempt-devel-5.3.18-150300.59.60.4 kernel-preempt-devel-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-extra-5.3.18-150300.59.60.4 kernel-preempt-extra-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-livepatch-devel-5.3.18-150300.59.60.4 kernel-preempt-optional-5.3.18-150300.59.60.4 kernel-preempt-optional-debuginfo-5.3.18-150300.59.60.4 kselftests-kmp-preempt-5.3.18-150300.59.60.4 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 ocfs2-kmp-preempt-5.3.18-150300.59.60.4 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 reiserfs-kmp-preempt-5.3.18-150300.59.60.4 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.60.4 dtb-zte-5.3.18-150300.59.60.4 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.60.4 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.60.4 dlm-kmp-default-5.3.18-150300.59.60.4 dlm-kmp-default-debuginfo-5.3.18-150300.59.60.4 gfs2-kmp-default-5.3.18-150300.59.60.4 gfs2-kmp-default-debuginfo-5.3.18-150300.59.60.4 kernel-default-5.3.18-150300.59.60.4 kernel-default-base-5.3.18-150300.59.60.4.150300.18.37.5 kernel-default-base-rebuild-5.3.18-150300.59.60.4.150300.18.37.5 kernel-default-debuginfo-5.3.18-150300.59.60.4 kernel-default-debugsource-5.3.18-150300.59.60.4 kernel-default-devel-5.3.18-150300.59.60.4 kernel-default-devel-debuginfo-5.3.18-150300.59.60.4 kernel-default-extra-5.3.18-150300.59.60.4 kernel-default-extra-debuginfo-5.3.18-150300.59.60.4 kernel-default-livepatch-5.3.18-150300.59.60.4 kernel-default-livepatch-devel-5.3.18-150300.59.60.4 kernel-default-optional-5.3.18-150300.59.60.4 kernel-default-optional-debuginfo-5.3.18-150300.59.60.4 kernel-obs-build-5.3.18-150300.59.60.4 kernel-obs-build-debugsource-5.3.18-150300.59.60.4 kernel-obs-qa-5.3.18-150300.59.60.4 kernel-syms-5.3.18-150300.59.60.4 kselftests-kmp-default-5.3.18-150300.59.60.4 kselftests-kmp-default-debuginfo-5.3.18-150300.59.60.4 ocfs2-kmp-default-5.3.18-150300.59.60.4 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.60.4 reiserfs-kmp-default-5.3.18-150300.59.60.4 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.60.4 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.60.4 kernel-debug-debuginfo-5.3.18-150300.59.60.4 kernel-debug-debugsource-5.3.18-150300.59.60.4 kernel-debug-devel-5.3.18-150300.59.60.4 kernel-debug-devel-debuginfo-5.3.18-150300.59.60.4 kernel-debug-livepatch-devel-5.3.18-150300.59.60.4 kernel-kvmsmall-5.3.18-150300.59.60.4 kernel-kvmsmall-debuginfo-5.3.18-150300.59.60.4 kernel-kvmsmall-debugsource-5.3.18-150300.59.60.4 kernel-kvmsmall-devel-5.3.18-150300.59.60.4 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.60.4 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.60.4 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.60.4 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 dlm-kmp-preempt-5.3.18-150300.59.60.4 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 gfs2-kmp-preempt-5.3.18-150300.59.60.4 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-5.3.18-150300.59.60.4 kernel-preempt-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-debugsource-5.3.18-150300.59.60.4 kernel-preempt-devel-5.3.18-150300.59.60.4 kernel-preempt-devel-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-extra-5.3.18-150300.59.60.4 kernel-preempt-extra-debuginfo-5.3.18-150300.59.60.4 kernel-preempt-livepatch-devel-5.3.18-150300.59.60.4 kernel-preempt-optional-5.3.18-150300.59.60.4 kernel-preempt-optional-debuginfo-5.3.18-150300.59.60.4 kselftests-kmp-preempt-5.3.18-150300.59.60.4 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 ocfs2-kmp-preempt-5.3.18-150300.59.60.4 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 reiserfs-kmp-preempt-5.3.18-150300.59.60.4 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.60.4 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.60.4 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.60.4 dlm-kmp-64kb-5.3.18-150300.59.60.4 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.60.4 dtb-al-5.3.18-150300.59.60.4 dtb-allwinner-5.3.18-150300.59.60.4 dtb-altera-5.3.18-150300.59.60.4 dtb-amd-5.3.18-150300.59.60.4 dtb-amlogic-5.3.18-150300.59.60.4 dtb-apm-5.3.18-150300.59.60.4 dtb-arm-5.3.18-150300.59.60.4 dtb-broadcom-5.3.18-150300.59.60.4 dtb-cavium-5.3.18-150300.59.60.4 dtb-exynos-5.3.18-150300.59.60.4 dtb-freescale-5.3.18-150300.59.60.4 dtb-hisilicon-5.3.18-150300.59.60.4 dtb-lg-5.3.18-150300.59.60.4 dtb-marvell-5.3.18-150300.59.60.4 dtb-mediatek-5.3.18-150300.59.60.4 dtb-nvidia-5.3.18-150300.59.60.4 dtb-qcom-5.3.18-150300.59.60.4 dtb-renesas-5.3.18-150300.59.60.4 dtb-rockchip-5.3.18-150300.59.60.4 dtb-socionext-5.3.18-150300.59.60.4 dtb-sprd-5.3.18-150300.59.60.4 dtb-xilinx-5.3.18-150300.59.60.4 dtb-zte-5.3.18-150300.59.60.4 gfs2-kmp-64kb-5.3.18-150300.59.60.4 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.60.4 kernel-64kb-5.3.18-150300.59.60.4 kernel-64kb-debuginfo-5.3.18-150300.59.60.4 kernel-64kb-debugsource-5.3.18-150300.59.60.4 kernel-64kb-devel-5.3.18-150300.59.60.4 kernel-64kb-devel-debuginfo-5.3.18-150300.59.60.4 kernel-64kb-extra-5.3.18-150300.59.60.4 kernel-64kb-extra-debuginfo-5.3.18-150300.59.60.4 kernel-64kb-livepatch-devel-5.3.18-150300.59.60.4 kernel-64kb-optional-5.3.18-150300.59.60.4 kernel-64kb-optional-debuginfo-5.3.18-150300.59.60.4 kselftests-kmp-64kb-5.3.18-150300.59.60.4 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.60.4 ocfs2-kmp-64kb-5.3.18-150300.59.60.4 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.60.4 reiserfs-kmp-64kb-5.3.18-150300.59.60.4 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.60.4 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.60.4 kernel-docs-5.3.18-150300.59.60.4 kernel-docs-html-5.3.18-150300.59.60.4 kernel-macros-5.3.18-150300.59.60.4 kernel-source-5.3.18-150300.59.60.4 kernel-source-vanilla-5.3.18-150300.59.60.4 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.60.4 kernel-zfcpdump-debuginfo-5.3.18-150300.59.60.4 kernel-zfcpdump-debugsource-5.3.18-150300.59.60.4 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2021-45402.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24958.html https://www.suse.com/security/cve/CVE-2022-24959.html https://www.suse.com/security/cve/CVE-2022-25258.html https://www.suse.com/security/cve/CVE-2022-25636.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1179439 https://bugzilla.suse.com/1181147 https://bugzilla.suse.com/1191428 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1193787 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1194463 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195211 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195403 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195905 https://bugzilla.suse.com/1195939 https://bugzilla.suse.com/1195949 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196095 https://bugzilla.suse.com/1196130 https://bugzilla.suse.com/1196132 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196299 https://bugzilla.suse.com/1196301 https://bugzilla.suse.com/1196433 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196472 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196627 https://bugzilla.suse.com/1196723 https://bugzilla.suse.com/1196779 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196866 https://bugzilla.suse.com/1196868 https://bugzilla.suse.com/1196956 https://bugzilla.suse.com/1196959 . Essential openSUSE patch targeting various weaknesses in the Linux Kernel, delivering crucial security enhancements.. Linux Kernel, openSUSE Update, Security Fixes, System Vulnerabilities, Denial of Service. . Severity: Important.LinuxSecurity.com Team
Mar 30, 2022
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!