SUSE 5037 Published by

The following updates are available for openSUSE Leap and SUSE Linux Enterprise:

SUSE-SU-2024:0786-1: important: Security update for giflib
SUSE-SU-2024:0784-1: important: Security update for python39
SUSE-SU-2024:0769-1: critical: Security update for postgresql-jdbc
SUSE-SU-2024:0770-1: important: Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
SUSE-SU-2024:0765-1: important: Security update for rubygem-rack
SUSE-SU-2024:0763-1: moderate: Security update for python-cryptography
SUSE-SU-2024:0764-1: important: Security update for wpa_supplicant
SUSE-SU-2024:0743-1: moderate: Security update for sendmail
SUSE-SU-2024:0728-1: important: Security update for nodejs16
SUSE-SU-2024:0729-1: important: Security update for nodejs16
SUSE-SU-2023:2760-2: moderate: Security update for dnsdist
SUSE-SU-2023:0174-1: low: Security update for glib2
SUSE-SU-2023:0488-1: important: Security update for the Linux-RT Kernel




SUSE-SU-2024:0786-1: important: Security update for giflib


# Security update for giflib

Announcement ID: SUSE-SU-2024:0786-1
Rating: important
References:

* bsc#1198880
* bsc#1200551
* bsc#1217390

Cross-References:

* CVE-2021-40633
* CVE-2022-28506
* CVE-2023-48161

CVSS scores:

* CVE-2021-40633 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2021-40633 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-28506 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2022-28506 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-48161 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-48161 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for giflib fixes the following issues:

Update to version 5.2.2

* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* # 138 Documentation for obsolete utilities still installed

* # 139: Typo in "LZW image data" page ("110_2 = 4_10")

* # 140: Typo in "LZW image data" page ("LWZ")

* # 141: Typo in "Bits and bytes" page ("filed")

* Note as already fixed SF issue #143: cannot compile under mingw
* # 144: giflib-5.2.1 cannot be build on windows and other platforms using c89

* # 145: Remove manual pages installation for binaries that are not installed
too

* # 146: [PATCH] Limit installed man pages to binaries, move giflib to section
7

* # 147 [PATCH] Fixes to doc/whatsinagif/ content

* # 148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB

* Declared no-info on SF issue #150: There is a denial of service
vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no longer possible
* # 151: A heap-buffer-overflow in gif2rgb.c:294:45

* # 152: Fix some typos on the html documentation and man pages

* # 153: Fix segmentation faults due to non correct checking for args

* # 154: Recover the giffilter manual page

* # 155: Add gifsponge docs

* # 157: An OutofMemory-Exception or Memory Leak in gif2rgb

* # 158: There is a null pointer problem in gif2rgb

* # 159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in
gif2rgb.c:298:45

* # 163: detected memory leaks in openbsd_reallocarray giflib/openbsd-
reallocarray.c

* # 164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c

* # 166: a read zero page leads segment fault in getarg.c and memory leaks in
gif2rgb.c and gifmalloc.c

* # 167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function
at Line 321 of gif2rgb.c

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-786=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-786=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-786=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-786=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-786=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-786=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-786=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-786=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-786=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-786=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-786=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-786=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-786=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-786=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-786=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-786=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-786=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* libgif7-5.2.2-150000.4.13.1
* giflib-progs-5.2.2-150000.4.13.1
* giflib-progs-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* openSUSE Leap 15.5 (x86_64)
* libgif7-32bit-5.2.2-150000.4.13.1
* giflib-devel-32bit-5.2.2-150000.4.13.1
* libgif7-32bit-debuginfo-5.2.2-150000.4.13.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Manager Proxy 4.3 (x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libgif7-5.2.2-150000.4.13.1
* giflib-debugsource-5.2.2-150000.4.13.1
* libgif7-debuginfo-5.2.2-150000.4.13.1
* giflib-devel-5.2.2-150000.4.13.1

## References:

* https://www.suse.com/security/cve/CVE-2021-40633.html
* https://www.suse.com/security/cve/CVE-2022-28506.html
* https://www.suse.com/security/cve/CVE-2023-48161.html
* https://bugzilla.suse.com/show_bug.cgi?id=1198880
* https://bugzilla.suse.com/show_bug.cgi?id=1200551
* https://bugzilla.suse.com/show_bug.cgi?id=1217390



SUSE-SU-2024:0784-1: important: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2024:0784-1
Rating: important
References:

* bsc#1196025
* bsc#1210638
* bsc#1212015
* bsc#1214692
* bsc#1215454
* bsc#1219666
* jsc#PED-7886
* jsc#SLE-21253

Cross-References:

* CVE-2022-25236
* CVE-2023-27043
* CVE-2023-40217
* CVE-2023-6597

CVSS scores:

* CVE-2022-25236 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-25236 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-27043 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-27043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-40217 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-40217 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-6597 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities, contains two features and has two
security fixes can now be installed.

## Description:

This update for python39 fixes the following issues:

* CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory
(bsc#1219666).
* CVE-2023-27043: Fixed incorrect e-mqil parsing (bsc#1210638).
* CVE-2023-40217: Fixed a ssl.SSLSocket TLS bypass vulnerability where data is
sent unencrypted (bsc#1214692).
* CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4
(bsc#1212015).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-784=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-784=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-784=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-784=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-784=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-784=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-core-debugsource-3.9.18-150300.4.38.1
* python39-tk-debuginfo-3.9.18-150300.4.38.1
* python39-debuginfo-3.9.18-150300.4.38.1
* python39-base-debuginfo-3.9.18-150300.4.38.1
* python39-devel-3.9.18-150300.4.38.1
* python39-curses-3.9.18-150300.4.38.1
* python39-doc-3.9.18-150300.4.38.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.38.1
* python39-curses-debuginfo-3.9.18-150300.4.38.1
* python39-dbm-3.9.18-150300.4.38.1
* libpython3_9-1_0-3.9.18-150300.4.38.1
* python39-base-3.9.18-150300.4.38.1
* python39-tk-3.9.18-150300.4.38.1
* python39-idle-3.9.18-150300.4.38.1
* python39-3.9.18-150300.4.38.1
* python39-tools-3.9.18-150300.4.38.1
* python39-doc-devhelp-3.9.18-150300.4.38.1
* python39-testsuite-3.9.18-150300.4.38.1
* python39-debugsource-3.9.18-150300.4.38.1
* python39-dbm-debuginfo-3.9.18-150300.4.38.1
* python39-testsuite-debuginfo-3.9.18-150300.4.38.1
* openSUSE Leap 15.3 (x86_64)
* libpython3_9-1_0-32bit-debuginfo-3.9.18-150300.4.38.1
* python39-32bit-debuginfo-3.9.18-150300.4.38.1
* python39-base-32bit-debuginfo-3.9.18-150300.4.38.1
* python39-32bit-3.9.18-150300.4.38.1
* libpython3_9-1_0-32bit-3.9.18-150300.4.38.1
* python39-base-32bit-3.9.18-150300.4.38.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libpython3_9-1_0-64bit-debuginfo-3.9.18-150300.4.38.1
* python39-base-64bit-debuginfo-3.9.18-150300.4.38.1
* libpython3_9-1_0-64bit-3.9.18-150300.4.38.1
* python39-64bit-debuginfo-3.9.18-150300.4.38.1
* python39-base-64bit-3.9.18-150300.4.38.1
* python39-64bit-3.9.18-150300.4.38.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python39-core-debugsource-3.9.18-150300.4.38.1
* python39-tk-debuginfo-3.9.18-150300.4.38.1
* python39-debuginfo-3.9.18-150300.4.38.1
* python39-base-debuginfo-3.9.18-150300.4.38.1
* python39-devel-3.9.18-150300.4.38.1
* python39-curses-3.9.18-150300.4.38.1
* python39-doc-3.9.18-150300.4.38.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.38.1
* python39-curses-debuginfo-3.9.18-150300.4.38.1
* python39-dbm-3.9.18-150300.4.38.1
* libpython3_9-1_0-3.9.18-150300.4.38.1
* python39-base-3.9.18-150300.4.38.1
* python39-tk-3.9.18-150300.4.38.1
* python39-idle-3.9.18-150300.4.38.1
* python39-3.9.18-150300.4.38.1
* python39-tools-3.9.18-150300.4.38.1
* python39-doc-devhelp-3.9.18-150300.4.38.1
* python39-testsuite-3.9.18-150300.4.38.1
* python39-debugsource-3.9.18-150300.4.38.1
* python39-dbm-debuginfo-3.9.18-150300.4.38.1
* python39-testsuite-debuginfo-3.9.18-150300.4.38.1
* openSUSE Leap 15.5 (x86_64)
* libpython3_9-1_0-32bit-debuginfo-3.9.18-150300.4.38.1
* python39-32bit-debuginfo-3.9.18-150300.4.38.1
* python39-base-32bit-debuginfo-3.9.18-150300.4.38.1
* python39-32bit-3.9.18-150300.4.38.1
* libpython3_9-1_0-32bit-3.9.18-150300.4.38.1
* python39-base-32bit-3.9.18-150300.4.38.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* python39-tk-3.9.18-150300.4.38.1
* python39-core-debugsource-3.9.18-150300.4.38.1
* python39-curses-3.9.18-150300.4.38.1
* python39-tk-debuginfo-3.9.18-150300.4.38.1
* python39-debuginfo-3.9.18-150300.4.38.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.38.1
* python39-idle-3.9.18-150300.4.38.1
* python39-debugsource-3.9.18-150300.4.38.1
* python39-dbm-debuginfo-3.9.18-150300.4.38.1
* python39-3.9.18-150300.4.38.1
* python39-base-debuginfo-3.9.18-150300.4.38.1
* python39-curses-debuginfo-3.9.18-150300.4.38.1
* python39-devel-3.9.18-150300.4.38.1
* python39-dbm-3.9.18-150300.4.38.1
* libpython3_9-1_0-3.9.18-150300.4.38.1
* python39-base-3.9.18-150300.4.38.1
* python39-tools-3.9.18-150300.4.38.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* python39-tk-3.9.18-150300.4.38.1
* python39-core-debugsource-3.9.18-150300.4.38.1
* python39-curses-3.9.18-150300.4.38.1
* python39-tk-debuginfo-3.9.18-150300.4.38.1
* python39-debuginfo-3.9.18-150300.4.38.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.38.1
* python39-idle-3.9.18-150300.4.38.1
* python39-debugsource-3.9.18-150300.4.38.1
* python39-dbm-debuginfo-3.9.18-150300.4.38.1
* python39-3.9.18-150300.4.38.1
* python39-base-debuginfo-3.9.18-150300.4.38.1
* python39-curses-debuginfo-3.9.18-150300.4.38.1
* python39-devel-3.9.18-150300.4.38.1
* python39-dbm-3.9.18-150300.4.38.1
* libpython3_9-1_0-3.9.18-150300.4.38.1
* python39-base-3.9.18-150300.4.38.1
* python39-tools-3.9.18-150300.4.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* python39-tk-3.9.18-150300.4.38.1
* python39-core-debugsource-3.9.18-150300.4.38.1
* python39-curses-3.9.18-150300.4.38.1
* python39-tk-debuginfo-3.9.18-150300.4.38.1
* python39-debuginfo-3.9.18-150300.4.38.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.38.1
* python39-idle-3.9.18-150300.4.38.1
* python39-debugsource-3.9.18-150300.4.38.1
* python39-dbm-debuginfo-3.9.18-150300.4.38.1
* python39-3.9.18-150300.4.38.1
* python39-base-debuginfo-3.9.18-150300.4.38.1
* python39-curses-debuginfo-3.9.18-150300.4.38.1
* python39-devel-3.9.18-150300.4.38.1
* python39-dbm-3.9.18-150300.4.38.1
* libpython3_9-1_0-3.9.18-150300.4.38.1
* python39-base-3.9.18-150300.4.38.1
* python39-tools-3.9.18-150300.4.38.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* python39-tk-3.9.18-150300.4.38.1
* python39-core-debugsource-3.9.18-150300.4.38.1
* python39-curses-3.9.18-150300.4.38.1
* python39-tk-debuginfo-3.9.18-150300.4.38.1
* python39-debuginfo-3.9.18-150300.4.38.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.38.1
* python39-idle-3.9.18-150300.4.38.1
* python39-debugsource-3.9.18-150300.4.38.1
* python39-dbm-debuginfo-3.9.18-150300.4.38.1
* python39-3.9.18-150300.4.38.1
* python39-base-debuginfo-3.9.18-150300.4.38.1
* python39-curses-debuginfo-3.9.18-150300.4.38.1
* python39-devel-3.9.18-150300.4.38.1
* python39-dbm-3.9.18-150300.4.38.1
* libpython3_9-1_0-3.9.18-150300.4.38.1
* python39-base-3.9.18-150300.4.38.1
* python39-tools-3.9.18-150300.4.38.1

## References:

* https://www.suse.com/security/cve/CVE-2022-25236.html
* https://www.suse.com/security/cve/CVE-2023-27043.html
* https://www.suse.com/security/cve/CVE-2023-40217.html
* https://www.suse.com/security/cve/CVE-2023-6597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1196025
* https://bugzilla.suse.com/show_bug.cgi?id=1210638
* https://bugzilla.suse.com/show_bug.cgi?id=1212015
* https://bugzilla.suse.com/show_bug.cgi?id=1214692
* https://bugzilla.suse.com/show_bug.cgi?id=1215454
* https://bugzilla.suse.com/show_bug.cgi?id=1219666
* https://jira.suse.com/browse/PED-7886
* https://jira.suse.com/browse/SLE-21253



SUSE-SU-2024:0769-1: critical: Security update for postgresql-jdbc


# Security update for postgresql-jdbc

Announcement ID: SUSE-SU-2024:0769-1
Rating: critical
References:

* bsc#1220644

Cross-References:

* CVE-2024-1597

CVSS scores:

* CVE-2024-1597 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql-jdbc fixes the following issues:

* CVE-2024-1597: Fixed SQL Injection via line comment generation
(bsc#1220644).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-769=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-769=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-769=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-769=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-769=1

## Package List:

* openSUSE Leap 15.3 (noarch)
* postgresql-jdbc-42.2.25-150300.3.14.1
* postgresql-jdbc-javadoc-42.2.25-150300.3.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* postgresql-jdbc-42.2.25-150300.3.14.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* postgresql-jdbc-42.2.25-150300.3.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* postgresql-jdbc-42.2.25-150300.3.14.1
* SUSE Enterprise Storage 7.1 (noarch)
* postgresql-jdbc-42.2.25-150300.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2024-1597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220644



SUSE-SU-2024:0770-1: important: Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed


# Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-
driver-G06-signed

Announcement ID: SUSE-SU-2024:0770-1
Rating: important
References:

* bsc#1220552
* jsc#PED-7117

Cross-References:

* CVE-2022-42265
* CVE-2024-0074
* CVE-2024-0075

CVSS scores:

* CVE-2022-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-42265 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-0074 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities and contains one feature can now be
installed.

## Description:

This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
fixes the following issues:

Update to 550.54.14

* Added vGPU Host and vGPU Guest support. For vGPU Host, please refer to the
README.vgpu packaged in the vGPU Host Package for more details.

Security issues fixed:

* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to
crashes or code execution.
* CVE-2022-42265: A unprivileged user could trigger an integer overflow which
could lead to crashes or code execution.

* create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks also
during modprobing the nvidia module; this changes the issue of not having
access to /dev/nvidia${devid}, when gfxcard has been replaced by a different
gfx card after installing the driver

* provide nvidia-open-driver-G06-kmp (jsc#PED-7117)

* this makes it easy to replace the package from nVidia's CUDA repository with
this presigned package

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-770=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-770=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-770=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-770=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-770=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-770=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-770=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-770=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-770=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-770=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-770=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-770=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-770=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-64kb-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-64kb-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-64kb-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Manager Proxy 4.3 (nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Manager Proxy 4.3 (x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Manager Retail Branch Server 4.3 (nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Manager Server 4.3 (nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Manager Server 4.3 (x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* openSUSE Leap 15.4 (x86_64)
* nvidia-open-driver-G06-signed-kmp-azure-debuginfo-550.54.14_k5.14.21_150400.14.75-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-azure-550.54.14_k5.14.21_150400.14.75-150400.9.50.1
* nvidia-open-driver-G06-signed-azure-devel-550.54.14-150400.9.50.1
* openSUSE Leap 15.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* openSUSE Leap 15.4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-64kb-devel-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1
* nvidia-open-driver-G06-signed-debugsource-550.54.14-150400.9.50.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.54.14_k5.14.21_150400.24.108-150400.9.50.1

## References:

* https://www.suse.com/security/cve/CVE-2022-42265.html
* https://www.suse.com/security/cve/CVE-2024-0074.html
* https://www.suse.com/security/cve/CVE-2024-0075.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220552
* https://jira.suse.com/browse/PED-7117



SUSE-SU-2024:0765-1: important: Security update for rubygem-rack


# Security update for rubygem-rack

Announcement ID: SUSE-SU-2024:0765-1
Rating: important
References:

* bsc#1220239
* bsc#1220242
* bsc#1220248

Cross-References:

* CVE-2024-25126
* CVE-2024-26141
* CVE-2024-26146

CVSS scores:

* CVE-2024-25126 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26141 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26146 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for rubygem-rack fixes the following issues:

* CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type
parsing (bsc#1220239).
* CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request
header parsing (bsc#1220242).
* CVE-2024-26146: Fixed a denial-of-service vulnerability in Rack headers
parsing routine (bsc#1220248).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP2
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-765=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ruby2.5-rubygem-rack-doc-2.0.8-150000.3.21.2
* ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.21.2
* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2
* SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le
s390x x86_64)
* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2

## References:

* https://www.suse.com/security/cve/CVE-2024-25126.html
* https://www.suse.com/security/cve/CVE-2024-26141.html
* https://www.suse.com/security/cve/CVE-2024-26146.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220239
* https://bugzilla.suse.com/show_bug.cgi?id=1220242
* https://bugzilla.suse.com/show_bug.cgi?id=1220248



SUSE-SU-2024:0763-1: moderate: Security update for python-cryptography


# Security update for python-cryptography

Announcement ID: SUSE-SU-2024:0763-1
Rating: moderate
References:

* bsc#1220210

Cross-References:

* CVE-2024-26130

CVSS scores:

* CVE-2024-26130 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2024-26130: Fixed NULL pointer dereference in
pkcs12.serialize_key_and_certificates() (bsc#1220210).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-763=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-763=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-763=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python-cryptography-debugsource-41.0.3-150400.16.15.1
* python311-cryptography-debuginfo-41.0.3-150400.16.15.1
* python311-cryptography-41.0.3-150400.16.15.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.15.1
* python311-cryptography-debuginfo-41.0.3-150400.16.15.1
* python311-cryptography-41.0.3-150400.16.15.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.15.1
* python311-cryptography-debuginfo-41.0.3-150400.16.15.1
* python311-cryptography-41.0.3-150400.16.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26130.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220210



SUSE-SU-2024:0764-1: important: Security update for wpa_supplicant


# Security update for wpa_supplicant

Announcement ID: SUSE-SU-2024:0764-1
Rating: important
References:

* bsc#1219975

Cross-References:

* CVE-2023-52160

CVSS scores:

* CVE-2023-52160 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52160 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for wpa_supplicant fixes the following issues:

* CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-764=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-764=1 openSUSE-SLE-15.5-2024-764=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-764=1

## Package List:

* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* wpa_supplicant-2.10-150500.3.3.1
* wpa_supplicant-debugsource-2.10-150500.3.3.1
* wpa_supplicant-debuginfo-2.10-150500.3.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* wpa_supplicant-debugsource-2.10-150500.3.3.1
* wpa_supplicant-gui-2.10-150500.3.3.1
* wpa_supplicant-gui-debuginfo-2.10-150500.3.3.1
* wpa_supplicant-2.10-150500.3.3.1
* wpa_supplicant-debuginfo-2.10-150500.3.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* wpa_supplicant-2.10-150500.3.3.1
* wpa_supplicant-debugsource-2.10-150500.3.3.1
* wpa_supplicant-debuginfo-2.10-150500.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52160.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219975



SUSE-SU-2024:0743-1: moderate: Security update for sendmail


# Security update for sendmail

Announcement ID: SUSE-SU-2024:0743-1
Rating: moderate
References:

* bsc#1218351

Cross-References:

* CVE-2023-51765

CVSS scores:

* CVE-2023-51765 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-51765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for sendmail fixes the following issues:

* CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-743=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-743=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-743=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* sendmail-starttls-8.15.2-150000.8.12.1
* libmilter-doc-8.15.2-150000.8.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* sendmail-devel-8.15.2-150000.8.12.1
* rmail-debuginfo-8.15.2-150000.8.12.1
* libmilter1_0-debuginfo-8.15.2-150000.8.12.1
* libmilter1_0-8.15.2-150000.8.12.1
* sendmail-8.15.2-150000.8.12.1
* sendmail-debuginfo-8.15.2-150000.8.12.1
* rmail-8.15.2-150000.8.12.1
* sendmail-debugsource-8.15.2-150000.8.12.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libmilter1_0-debuginfo-8.15.2-150000.8.12.1
* sendmail-debugsource-8.15.2-150000.8.12.1
* sendmail-debuginfo-8.15.2-150000.8.12.1
* libmilter1_0-8.15.2-150000.8.12.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* rmail-debuginfo-8.15.2-150000.8.12.1
* sendmail-debugsource-8.15.2-150000.8.12.1
* rmail-8.15.2-150000.8.12.1
* sendmail-debuginfo-8.15.2-150000.8.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-51765.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218351



SUSE-SU-2024:0728-1: important: Security update for nodejs16


# Security update for nodejs16

Announcement ID: SUSE-SU-2024:0728-1
Rating: important
References:

* bsc#1219993
* bsc#1219997
* bsc#1220014
* bsc#1220017
* bsc#1220053

Cross-References:

* CVE-2023-46809
* CVE-2024-22019
* CVE-2024-22025
* CVE-2024-24758
* CVE-2024-24806

CVSS scores:

* CVE-2023-46809 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-22019 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24758 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-24806 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-24806 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Server 4.3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for nodejs16 fixes the following issues:

Security issues fixed:

* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant
of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk
extension allows DoS attacks (bsc#1219993).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli
decoding (bsc#1220014).
* CVE-2024-24758: ignore proxy-authorization header (bsc#1220017).
* CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF
attacks (bsc#1219724).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-728=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-728=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-728=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-728=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-728=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-728=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* nodejs16-debugsource-16.20.2-150400.3.30.1
* nodejs16-16.20.2-150400.3.30.1
* npm16-16.20.2-150400.3.30.1
* nodejs16-debuginfo-16.20.2-150400.3.30.1
* nodejs16-devel-16.20.2-150400.3.30.1
* corepack16-16.20.2-150400.3.30.1
* openSUSE Leap 15.4 (noarch)
* nodejs16-docs-16.20.2-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* nodejs16-debugsource-16.20.2-150400.3.30.1
* nodejs16-16.20.2-150400.3.30.1
* npm16-16.20.2-150400.3.30.1
* nodejs16-debuginfo-16.20.2-150400.3.30.1
* nodejs16-devel-16.20.2-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* nodejs16-docs-16.20.2-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* nodejs16-debugsource-16.20.2-150400.3.30.1
* nodejs16-16.20.2-150400.3.30.1
* npm16-16.20.2-150400.3.30.1
* nodejs16-debuginfo-16.20.2-150400.3.30.1
* nodejs16-devel-16.20.2-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* nodejs16-docs-16.20.2-150400.3.30.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* nodejs16-debugsource-16.20.2-150400.3.30.1
* nodejs16-16.20.2-150400.3.30.1
* npm16-16.20.2-150400.3.30.1
* nodejs16-debuginfo-16.20.2-150400.3.30.1
* nodejs16-devel-16.20.2-150400.3.30.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* nodejs16-docs-16.20.2-150400.3.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* nodejs16-debugsource-16.20.2-150400.3.30.1
* nodejs16-16.20.2-150400.3.30.1
* npm16-16.20.2-150400.3.30.1
* nodejs16-debuginfo-16.20.2-150400.3.30.1
* nodejs16-devel-16.20.2-150400.3.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* nodejs16-docs-16.20.2-150400.3.30.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* nodejs16-debugsource-16.20.2-150400.3.30.1
* nodejs16-16.20.2-150400.3.30.1
* npm16-16.20.2-150400.3.30.1
* nodejs16-debuginfo-16.20.2-150400.3.30.1
* nodejs16-devel-16.20.2-150400.3.30.1
* SUSE Manager Server 4.3 (noarch)
* nodejs16-docs-16.20.2-150400.3.30.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46809.html
* https://www.suse.com/security/cve/CVE-2024-22019.html
* https://www.suse.com/security/cve/CVE-2024-22025.html
* https://www.suse.com/security/cve/CVE-2024-24758.html
* https://www.suse.com/security/cve/CVE-2024-24806.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219993
* https://bugzilla.suse.com/show_bug.cgi?id=1219997
* https://bugzilla.suse.com/show_bug.cgi?id=1220014
* https://bugzilla.suse.com/show_bug.cgi?id=1220017
* https://bugzilla.suse.com/show_bug.cgi?id=1220053



SUSE-SU-2024:0729-1: important: Security update for nodejs16


# Security update for nodejs16

Announcement ID: SUSE-SU-2024:0729-1
Rating: important
References:

* bsc#1219993
* bsc#1219997
* bsc#1220014
* bsc#1220017
* bsc#1220053

Cross-References:

* CVE-2023-46809
* CVE-2024-22019
* CVE-2024-22025
* CVE-2024-24758
* CVE-2024-24806

CVSS scores:

* CVE-2023-46809 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-22019 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24758 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-24806 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-24806 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for nodejs16 fixes the following issues:

Security issues fixed:

* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant
of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk
extension allows DoS attacks (bsc#1219993).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli
decoding (bsc#1220014).
* CVE-2024-24758: ignore proxy-authorization header (bsc#1220017).
* CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF
attacks (bsc#1219724).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-729=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-729=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-729=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-729=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-729=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* corepack16-16.20.2-150300.7.33.1
* npm16-16.20.2-150300.7.33.1
* nodejs16-debugsource-16.20.2-150300.7.33.1
* nodejs16-devel-16.20.2-150300.7.33.1
* nodejs16-debuginfo-16.20.2-150300.7.33.1
* nodejs16-16.20.2-150300.7.33.1
* openSUSE Leap 15.3 (noarch)
* nodejs16-docs-16.20.2-150300.7.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* npm16-16.20.2-150300.7.33.1
* nodejs16-debugsource-16.20.2-150300.7.33.1
* nodejs16-devel-16.20.2-150300.7.33.1
* nodejs16-debuginfo-16.20.2-150300.7.33.1
* nodejs16-16.20.2-150300.7.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* nodejs16-docs-16.20.2-150300.7.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* npm16-16.20.2-150300.7.33.1
* nodejs16-debugsource-16.20.2-150300.7.33.1
* nodejs16-devel-16.20.2-150300.7.33.1
* nodejs16-debuginfo-16.20.2-150300.7.33.1
* nodejs16-16.20.2-150300.7.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* nodejs16-docs-16.20.2-150300.7.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* npm16-16.20.2-150300.7.33.1
* nodejs16-debugsource-16.20.2-150300.7.33.1
* nodejs16-devel-16.20.2-150300.7.33.1
* nodejs16-debuginfo-16.20.2-150300.7.33.1
* nodejs16-16.20.2-150300.7.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* nodejs16-docs-16.20.2-150300.7.33.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* npm16-16.20.2-150300.7.33.1
* nodejs16-debugsource-16.20.2-150300.7.33.1
* nodejs16-devel-16.20.2-150300.7.33.1
* nodejs16-debuginfo-16.20.2-150300.7.33.1
* nodejs16-16.20.2-150300.7.33.1
* SUSE Enterprise Storage 7.1 (noarch)
* nodejs16-docs-16.20.2-150300.7.33.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46809.html
* https://www.suse.com/security/cve/CVE-2024-22019.html
* https://www.suse.com/security/cve/CVE-2024-22025.html
* https://www.suse.com/security/cve/CVE-2024-24758.html
* https://www.suse.com/security/cve/CVE-2024-24806.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219993
* https://bugzilla.suse.com/show_bug.cgi?id=1219997
* https://bugzilla.suse.com/show_bug.cgi?id=1220014
* https://bugzilla.suse.com/show_bug.cgi?id=1220017
* https://bugzilla.suse.com/show_bug.cgi?id=1220053



SUSE-SU-2023:2760-2: moderate: Security update for dnsdist


# Security update for dnsdist

Announcement ID: SUSE-SU-2023:2760-2
Rating: moderate
References:

* bsc#1054799
* bsc#1054802
* bsc#1114511

Cross-References:

* CVE-2016-7069
* CVE-2017-7557
* CVE-2018-14663

CVSS scores:

* CVE-2016-7069 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2017-7557 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2018-14663 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for dnsdist fixes the following issues:

* update to 1.8.0
* Implements dnsdist in SLE15 (jsc#PED-3402)
* Security fix: fixes a possible record smugging with a crafted DNS query with
trailing data (CVE-2018-14663, bsc#1114511)

* update to 1.2.0 (bsc#1054799, bsc#1054802) This release also addresses two
security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first
issue can lead to a denial of service on 32-bit if a backend sends crafted
answers, and the second to an alteration of dnsdist’s ACL if the API is
enabled, writable and an authenticated user is tricked into visiting a
crafted website.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2760=1

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2760=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2760=1

## Package List:

* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* dnsdist-debugsource-1.8.0-150400.9.3.1
* dnsdist-debuginfo-1.8.0-150400.9.3.1
* dnsdist-1.8.0-150400.9.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* dnsdist-debugsource-1.8.0-150400.9.3.1
* luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* dnsdist-debuginfo-1.8.0-150400.9.3.1
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* dnsdist-1.8.0-150400.9.3.1
* openSUSE Leap 15.4 (x86_64)
* libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* dnsdist-debugsource-1.8.0-150400.9.3.1
* luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* dnsdist-debuginfo-1.8.0-150400.9.3.1
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* dnsdist-1.8.0-150400.9.3.1
* openSUSE Leap 15.5 (x86_64)
* libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1
* libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1

## References:

* https://www.suse.com/security/cve/CVE-2016-7069.html
* https://www.suse.com/security/cve/CVE-2017-7557.html
* https://www.suse.com/security/cve/CVE-2018-14663.html
* https://bugzilla.suse.com/show_bug.cgi?id=1054799
* https://bugzilla.suse.com/show_bug.cgi?id=1054802
* https://bugzilla.suse.com/show_bug.cgi?id=1114511



SUSE-SU-2023:0174-1: low: Security update for glib2


# Security update for glib2

Announcement ID: SUSE-SU-2023:0174-1
Rating: low
References:

* bsc#1183533

Cross-References:

* CVE-2021-28153

CVSS scores:

* CVE-2021-28153 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-28153 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

## Description:

This update for glib2 fixes the following issues:

* CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly
created as empty files (bsc#1183533).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-174=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-174=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-174=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-174=1

* SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-174=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-174=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-174=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-174=1

* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-174=1

* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-174=1

* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-174=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-174=1

* SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2023-174=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-174=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-174=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-174=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* glib2-tests-debuginfo-2.62.6-150200.3.10.1
* glib2-tests-2.62.6-150200.3.10.1
* libgio-fam-debuginfo-2.62.6-150200.3.10.1
* libgio-fam-2.62.6-150200.3.10.1
* openSUSE Leap 15.4 (x86_64)
* libgio-fam-32bit-2.62.6-150200.3.10.1
* libgio-fam-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
* glib2-tools-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Manager Proxy 4.2 (x86_64)
* glib2-tools-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* SUSE Manager Proxy 4.2 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* glib2-tools-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Manager Server 4.2 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Manager Server 4.2 (x86_64)
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Enterprise Storage 7.1 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Enterprise Storage 7.1 (x86_64)
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgthread-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* glib2-devel-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* glib2-devel-debuginfo-2.62.6-150200.3.10.1
* SUSE Enterprise Storage 7 (noarch)
* glib2-lang-2.62.6-150200.3.10.1
* SUSE Enterprise Storage 7 (x86_64)
* libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-2.62.6-150200.3.10.1
* libglib-2_0-0-32bit-2.62.6-150200.3.10.1
* libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1
* libgio-2_0-0-32bit-2.62.6-150200.3.10.1
* libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1
* glib2-tools-2.62.6-150200.3.10.1
* libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-2.62.6-150200.3.10.1
* glib2-debugsource-2.62.6-150200.3.10.1
* libgmodule-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
* libgobject-2_0-0-2.62.6-150200.3.10.1
* libgio-2_0-0-2.62.6-150200.3.10.1
* glib2-tools-debuginfo-2.62.6-150200.3.10.1

## References:

* https://www.suse.com/security/cve/CVE-2021-28153.html
* https://bugzilla.suse.com/show_bug.cgi?id=1183533



SUSE-SU-2023:0488-1: important: Security update for the Linux-RT Kernel


# Security update for the Linux-RT Kernel

Announcement ID: SUSE-SU-2023:0488-1
Rating: important
References:

* bsc#1166486
* bsc#1185861
* bsc#1185863
* bsc#1186449
* bsc#1191256
* bsc#1192868
* bsc#1193629
* bsc#1194869
* bsc#1195175
* bsc#1195655
* bsc#1196058
* bsc#1199701
* bsc#1203332
* bsc#1204063
* bsc#1204356
* bsc#1204662
* bsc#1205495
* bsc#1206006
* bsc#1206036
* bsc#1206056
* bsc#1206057
* bsc#1206224
* bsc#1206258
* bsc#1206363
* bsc#1206459
* bsc#1206616
* bsc#1206640
* bsc#1206677
* bsc#1206784
* bsc#1206876
* bsc#1206877
* bsc#1206878
* bsc#1206880
* bsc#1206881
* bsc#1206882
* bsc#1206883
* bsc#1206884
* bsc#1206885
* bsc#1206886
* bsc#1206887
* bsc#1206888
* bsc#1206889
* bsc#1206890
* bsc#1206893
* bsc#1206894
* bsc#1207010
* bsc#1207034
* bsc#1207036
* bsc#1207050
* bsc#1207125
* bsc#1207134
* bsc#1207149
* bsc#1207158
* bsc#1207184
* bsc#1207186
* bsc#1207188
* bsc#1207189
* bsc#1207190
* bsc#1207237
* bsc#1207263
* bsc#1207269
* bsc#1207328
* bsc#1207497
* bsc#1207500
* bsc#1207501
* bsc#1207506
* bsc#1207507
* bsc#1207588
* bsc#1207589
* bsc#1207590
* bsc#1207591
* bsc#1207592
* bsc#1207593
* bsc#1207594
* bsc#1207602
* bsc#1207603
* bsc#1207605
* bsc#1207606
* bsc#1207607
* bsc#1207608
* bsc#1207609
* bsc#1207610
* bsc#1207611
* bsc#1207612
* bsc#1207613
* bsc#1207614
* bsc#1207615
* bsc#1207616
* bsc#1207617
* bsc#1207618
* bsc#1207619
* bsc#1207620
* bsc#1207621
* bsc#1207622
* bsc#1207623
* bsc#1207624
* bsc#1207625
* bsc#1207626
* bsc#1207627
* bsc#1207628
* bsc#1207629
* bsc#1207630
* bsc#1207631
* bsc#1207632
* bsc#1207633
* bsc#1207634
* bsc#1207635
* bsc#1207636
* bsc#1207637
* bsc#1207638
* bsc#1207639
* bsc#1207640
* bsc#1207641
* bsc#1207642
* bsc#1207643
* bsc#1207644
* bsc#1207645
* bsc#1207646
* bsc#1207647
* bsc#1207648
* bsc#1207649
* bsc#1207650
* bsc#1207651
* bsc#1207652
* bsc#1207653
* bsc#1207734
* bsc#1207768
* bsc#1207769
* bsc#1207770
* bsc#1207771
* bsc#1207773
* bsc#1207795
* bsc#1207842
* bsc#1207875
* bsc#1207878
* bsc#1207933
* bsc#1208030
* bsc#1208044
* bsc#1208085
* bsc#1208149
* bsc#1208153
* bsc#1208183
* bsc#1208428
* bsc#1208429
* jsc#PED-3210
* jsc#SLE-21132

Cross-References:

* CVE-2020-24588
* CVE-2022-36280
* CVE-2022-4382
* CVE-2022-47929
* CVE-2023-0045
* CVE-2023-0122
* CVE-2023-0179
* CVE-2023-0266
* CVE-2023-0590
* CVE-2023-23454
* CVE-2023-23455

CVSS scores:

* CVE-2020-24588 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2020-24588 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-4382 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4382 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0045 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0122 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0266 ( NVD ): 7.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4

An update that solves 11 vulnerabilities, contains two features and has 133
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

* CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was
found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332).
* CVE-2023-0045: Fixed flush IBP in ib_prctl_set() (bsc#1207773).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in
nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of
Service (DoS) attack on a remote machine (bnc#1207050).
* CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
net/sched/sch_atm.c because of type confusion (non-negative numbers can
sometimes indicate a TC_ACT_SHOT condition rather than valid classification
results) (bsc#1207125).
* CVE-2023-23454: Fixed denial or service in cbq_classify in
net/sched/sch_cbq.c (bnc#1207036).
* CVE-2020-24588: Fixed injection of arbitrary network packets against devices
that support receiving non-SSP A-MSDU frames (which is mandatory as part of
802.11n) (bsc#1199701).
* CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits
(bsc#1207034).
* CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race
condition among the superblock operations inside the gadgetfs code
(bsc#1206258).
* CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could
have been used in a use-after-free that could have resulted in a priviledge
escalation to gain ring0 access from the system user (bsc#1207134).
* CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control
subsystem (bnc#1207237).

The following non-security bugs were fixed:

* ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
* ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
* ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008
(bsc#1206224).
* ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset
(bsc#1206224).
* ACPI: PRM: Check whether EFI runtime is available (git-fixes).
* ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
* ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE
(bsc#1206224).
* ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13
(bsc#1206224).
* ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
* ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
* ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID
(bsc#1206224).
* ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
* ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
* ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt
(bsc#1206224).
* ACPI: x86: s2idle: Move _HID handling for AMD systems into structures
(bsc#1206224).
* ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+
(bsc#1206224).
* ACPICA: Allow address_space_handler Install and _REG execution as 2 separate
steps (bsc#1207149).
* ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
* ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
(git-fixes).
* ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
* ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
* ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-
fixes).
* ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360
(git-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-
fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP
platform (git-fixes).
* ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
(git-fixes).
* ALSA: pci: lx6464es: fix a debug loop (git-fixes).
* ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
* ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
* ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
* ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
* ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
* ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
* ARM: imx: add missing of_node_put() (git-fixes).
* ASoC: Intel: boards: fix spelling in comments (git-fixes).
* ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
(git-fixes).
* ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes).
* ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
(git-fixes).
* ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
(git-fixes).
* ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
* ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
* ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
(git-fixes).
* ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes).
* Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
* Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
* Fix page corruption caused by racy check in __free_pages (bsc#1208149).
* HID: betop: check shape of output reports (git-fixes).
* HID: betop: check shape of output reports (git-fixes, bsc#1207186).
* HID: check empty report_list in bigben_probe() (git-fixes).
* HID: check empty report_list in hid_validate_values() (git-fixes).
* HID: check empty report_list in hid_validate_values() (git-fixes,
bsc#1206784).
* HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
* HID: playstation: sanity check DualSense calibration data (git-fixes).
* HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
* IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
* IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
* IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
* IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
* IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
* IB/hfi1: Reserve user expected TIDs (git-fixes)
* IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
* IB/mad: Do not call to function that might sleep while in atomic context
(git-fixes).
* KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init()
(bsc#1206616).
* Move upstreamed net patch into sorted section
* PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP
(bsc#1207269).
* PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
* RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
* RDMA/core: Fix ib block iterator counter overflow (git-fixes)
* RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
* RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
* RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
* RDMA/rxe: Prevent faulty rkey generation (git-fixes)
* RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
* RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
* Remove duplicate Git-commit tag in patch file
* Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes).
* Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes).
* Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI
mode" (git-fixes).
* Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes).
* Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-
fixes).
* Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes).
* SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
* SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
* USB: gadget: Fix use-after-free during usb config switch (git-fixes).
* USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
(git-fixes).
* USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
* USB: serial: option: add Quectel EC200U modem (git-fixes).
* USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
* USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
* USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
* USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
* USB: serial: option: add Quectel EM05CN modem (git-fixes).
* arm64: Fix Freescale LPUART dependency (boo#1204063).
* arm64: atomics: format whitespace consistently (git-fixes).
* arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
* arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-
fixes).
* arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
* arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
* arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
(git-fixes).
* arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
sensitive (git-fixes).
* arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
(git-fixes).
* arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
* arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
* arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
* arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
* ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-
fixes).
* ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
* bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-
fixes).
* bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
* bfq: fix waker_bfqq inconsistency crash (git-fixes).
* blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
* blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
* blk-throttle: prevent overflow while calculating wait time (git-fixes).
* blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
* blktrace: Fix output non-blktrace event when blk_classic option enabled
(git-fixes).
* block, bfq: do not move oom_bfqq (git-fixes).
* block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
* block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
* block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
* block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
* block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
* block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes).
* block/bfq_wf2q: correct weight to ioprio (git-fixes).
* block/bio: remove duplicate append pages code (git-fixes).
* block: check minor range in device_add_disk() (git-fixes).
* block: clear ->slave_dir when dropping the main slave_dir reference (git-
fixes).
* block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
* block: ensure iov_iter advances for added pages (git-fixes).
* block: fix and cleanup bio_check_ro (git-fixes).
* block: fix infinite loop for invalid zone append (git-fixes).
* block: mq-deadline: Do not break sequential write streams to zoned HDDs
(git-fixes).
* block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
* block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
* block: use bdev_get_queue() in bio.c (git-fixes).
* bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-
fixes).
* bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
* bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
* bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
* bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-
fixes).
* bnxt_en: fix the handling of PCIE-AER (git-fixes).
* bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
* bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers
(git-fixes).
* bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
* btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
* btrfs: avoid inode logging during rename and link when possible
(bsc#1207263).
* btrfs: avoid logging all directory changes during renames (bsc#1207263).
* btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5
(bsc#1206036 bsc#1207500 ltc#201363).
* btrfs: do not log unnecessary boundary keys when logging directory
(bsc#1207263).
* btrfs: fix assertion failure when logging directory key range item
(bsc#1207263).
* btrfs: fix processing of delayed data refs during backref walking
(bsc#1206056 bsc#1207507 ltc#201367).
* btrfs: fix processing of delayed tree block refs during backref walking
(bsc#1206057 bsc#1207506 ltc#201368).
* btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
* btrfs: fix race between quota rescan and disable leading to NULL pointer
deref (bsc#1207158).
* btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
* btrfs: join running log transaction when logging new name (bsc#1207263).
* btrfs: move QUOTA_ENABLED check to rescan_should_stop from
btrfs_qgroup_rescan_worker (bsc#1207158).
* btrfs: pass the dentry to btrfs_log_new_name() instead of the inode
(bsc#1207263).
* btrfs: prepare extents to be logged before locking a log tree path
(bsc#1207263).
* btrfs: put initial index value of a directory in a constant (bsc#1207263).
* btrfs: qgroup: remove duplicated check in adding qgroup relations
(bsc#1207158).
* btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
* btrfs: remove unnecessary NULL check for the new inode during rename
exchange (bsc#1207263).
* btrfs: remove useless path release in the fast fsync path (bsc#1207263).
* btrfs: remove write and wait of struct walk_control (bsc#1207263).
* btrfs: stop copying old dir items when logging a directory (bsc#1207263).
* btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
* btrfs: stop trying to log subdirectories created in past transactions
(bsc#1207263).
* btrfs: use single variable to track return value at btrfs_log_inode()
(bsc#1207263).
* bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
* can: j1939: do not wait 250 ms if the same addr was already claimed (git-
fixes).
* can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
* ceph: flush cap releases when the session is flushed (bsc#1208428).
* cifs: Fix uninitialized memory read for smb311 posix symlink create (git-
fixes).
* cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
* cifs: do not include page data when checking signature (git-fixes).
* cifs: do not query ifaces on smb1 mounts (git-fixes).
* cifs: do not take exclusive lock for updating target hints (bsc#1193629).
* cifs: fix double free on failed kerberos auth (git-fixes).
* cifs: fix file info setting in cifs_open_file() (git-fixes).
* cifs: fix file info setting in cifs_query_path_info() (git-fixes).
* cifs: fix potential memory leaks in session setup (bsc#1193629).
* cifs: fix race in assemble_neg_contexts() (bsc#1193629).
* cifs: fix return of uninitialized rc in dfs_cache_update_tgthint()
(bsc#1193629).
* cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
* cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
* cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
* cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
* cifs: remove redundant assignment to the variable match (bsc#1193629).
* cifs: remove unused function (bsc#1193629).
* comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
* cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
* cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
* crypto: fixed DH and ECDH implemention for FIPS PCT
(jsc#SLE-21132,bsc#1191256,bsc#1207184).
* dm btree: add a defensive bounds check to insert_at() (git-fixes).
* dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
(git-fixes).
* dm cache: Fix UAF in destroy() (git-fixes).
* dm cache: set needs_check flag after aborting metadata (git-fixes).
* dm clone: Fix UAF in clone_dtr() (git-fixes).
* dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
* dm integrity: clear the journal on suspend (git-fixes).
* dm integrity: flush the journal on suspend (git-fixes).
* dm ioctl: fix misbehavior if list_versions races with module loading (git-
fixes).
* dm ioctl: prevent potential spectre v1 gadget (git-fixes).
* dm raid: fix address sanitizer warning in raid_resume (git-fixes).
* dm raid: fix address sanitizer warning in raid_status (git-fixes).
* dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
* dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
(git-fixes).
* dm thin: Fix UAF in run_timer_softirq() (git-fixes).
* dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
* dm thin: resume even if in FAIL mode (git-fixes).
* dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
* dm: fix alloc_dax error handling in alloc_dev (git-fixes).
* dm: requeue IO if mapping table not yet available (git-fixes).
* dmaengine: Fix double increment of client_count in dma_chan_get() (git-
fixes).
* dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-
fixes).
* dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-
fixes).
* dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-
fixes).
* dmaengine: lgm: Move DT parsing after initialization (git-fixes).
* dmaengine: tegra210-adma: fix global intr clear (git-fixes).
* dmaengine: ti: k3-udma: Do conditional decrement of
UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
* dmaengine: xilinx_dma: call of_node_put() when breaking out of
for_each_child_of_node() (git-fixes).
* docs: Fix the docs build with Sphinx 6.0 (git-fixes).
* driver core: Fix test_async_probe_init saves device in wrong array (git-
fixes).
* drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
(git-fixes).
* drivers: net: xgene: disable napi when register irq failed in
xgene_enet_open() (git-fixes).
* drivers:md:fix a potential use-after-free bug (git-fixes).
* drm/amd/display: Calculate output_color_space after pixel encoding
adjustment (git-fixes).
* drm/amd/display: Fail atomic_check early on normalize_zpos error (git-
fixes).
* drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
* drm/amd/display: Fix set scaling doesn's work (git-fixes).
* drm/amd/display: Fix timing not changning when freesync video is enabled
(git-fixes).
* drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
* drm/amd/display: fix issues with driver unload (git-fixes).
* drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-
fixes).
* drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-
fixes).
* drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-
fixes).
* drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
* drm/hyperv: Add error message for fb size greater than allocated (git-
fixes).
* drm/i915/adlp: Fix typo for reference clock (git-fixes).
* drm/i915/display: Check source height is > 0 (git-fixes).
* drm/i915/gt: Reset twice (git-fixes).
* drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-
fixes).
* drm/i915: Fix VBT DSI DVO port handling (git-fixes).
* drm/i915: Fix potential bit_17 double-free (git-fixes).
* drm/i915: Initialize the obj flags for shmem objects (git-fixes).
* drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
* drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
* drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
* drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
* drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
* efi: Accept version 2 of memory attributes table (git-fixes).
* efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
* efi: rt-wrapper: Add missing include (git-fixes).
* efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
* exit: Add and use make_task_dead (bsc#1207328).
* exit: Allow oops_limit to be disabled (bsc#1207328).
* exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit
(bsc#1207328).
* exit: Move force_uaccess back into do_exit (bsc#1207328).
* exit: Move oops specific logic from do_exit into make_task_dead
(bsc#1207328).
* exit: Put an upper limit on how often we can oops (bsc#1207328).
* exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
* exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
* ext4,f2fs: fix readahead of verity data (bsc#1207648).
* ext4: Fixup pages without buffers (bsc#1205495).
* ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
* ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
* ext4: add helper to check quota inums (bsc#1207618).
* ext4: add inode table check in __ext4_get_inode_loc to aovid possible
infinite loop (bsc#1207617).
* ext4: add missing validation of fast-commit record lengths (bsc#1207626).
* ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
* ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
* ext4: avoid resizing to a partial cluster size (bsc#1206880).
* ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
* ext4: continue to expand file system when the target size does not reach
(bsc#1206882).
* ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb
(bsc#1207592).
* ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
* ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
* ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
* ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
* ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
* ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
* ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
* ext4: drop ineligible txn start stop APIs (bsc#1207588).
* ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
(bsc#1207606).
* ext4: factor out ext4_fc_get_tl() (bsc#1207615).
* ext4: fast commit may miss file actions (bsc#1207591).
* ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
* ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
* ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
(bsc#1206881).
* ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
(bsc#1207620).
* ext4: fix bug_on in start_this_handle during umount filesystem
(bsc#1207594).
* ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
* ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
(bsc#1207631).
* ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
* ext4: fix error code return to user-space in ext4_get_branch()
(bsc#1207630).
* ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
* ext4: fix extent status tree race in writeback error recovery path
(bsc#1206877).
* ext4: fix inode leak in ext4_xattr_inode_create() on an error path
(bsc#1207636).
* ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
* ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
* ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
* ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
* ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
* ext4: fix potential memory leak in ext4_fc_record_modified_inode()
(bsc#1207611).
* ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
* ext4: fix potential out of bound read in ext4_fc_replay_scan()
(bsc#1207616).
* ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
* ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values
(bsc#1206890).
* ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
* ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
* ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
* ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
* ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
* ext4: goto right label 'failed_mount3a' (bsc#1207610).
* ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
* ext4: initialize quota before expanding inode in setproject ioctl
(bsc#1207633).
* ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
* ext4: limit the number of retries after discarding preallocations blocks
(bsc#1207602).
* ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
* ext4: place buffer head allocation before handle start (bsc#1207607).
* ext4: silence the warning when evicting inode with dioread_nolock
(bsc#1206889).
* ext4: simplify updating of fast commit stats (bsc#1207589).
* ext4: update 'state->fc_regions_size' after successful memory allocation
(bsc#1207613).
* ext4: update s_overhead_clusters in the superblock during an on-line resize
(bsc#1206876).
* extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
* fbcon: Check font dimension limits (git-fixes).
* fbdev: omapfb: avoid stack overflow warning (git-fixes).
* fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
* firewire: fix memory leak for payload of request subaction to IEC 61883-1
FCP region (git-fixes).
* firmware: arm_scmi: Harden shared memory access in fetch_notification (git-
fixes).
* firmware: arm_scmi: Harden shared memory access in fetch_response (git-
fixes).
* fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-
fixes).
* fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
* fs: remove __sync_filesystem (git-fixes).
* fscache_cookie_enabled: check cookie is valid before accessing it
(bsc#1208429).
* ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
* ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
* genirq: Provide new interfaces for affinity hints (bsc#1208153).
* git_sort: add usb-linus branch for gregkh/usb
* gsmi: fix null-deref in gsmi_get_variable (git-fixes).
* hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
* i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
* i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
* i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
* i2c: mxs: suppress probe-deferral error message (git-fixes).
* i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
* i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
* i40e: Fix error handling in i40e_init_module() (git-fixes).
* i40e: Fix not setting default xps_cpus after reset (git-fixes).
* igb: Allocate MSI-X vector when testing (git-fixes).
* iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
* iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
* iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
* iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
* iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
* iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
* iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
* iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-
fixes).
* iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-
fixes).
* iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
* iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-
fixes).
* iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-
fixes).
* iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
* iio:adc:twl6030: Enable measurement of VAC (git-fixes).
* iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
* ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
* ipmi:ssif: Add a timer between request retries (bsc#1206459).
* ipmi:ssif: Increase the message retry time (bsc#1206459).
* ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
* ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
* ipmi_ssif: Rename idle state and check (bsc#1206459).
* ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
(git-fixes).
* ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
* jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
* jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
* jbd2: fix a potential race while discarding reserved buffers after an abort
(bsc#1207641).
* jbd2: fix potential buffer head reference count leak (bsc#1207644).
* jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
* jbd2: use the correct print format (git-fixes).
* jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
* kABI workaround for struct acpi_ec (bsc#1207149).
* kABI: Preserve TRACE_EVENT_FL values (git-fixes).
* kabi/severities: add mlx5 internal symbols
* kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
* l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-
fixes).
* loop: Fix the max_loop commandline argument treatment when it is set to 0
(git-fixes).
* mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
* mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
* md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
* md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
* md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
* md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
* md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
* md: fix a crash in mempool_free (git-fixes).
* md: protect md_unregister_thread from reentrancy (git-fixes).
* mei: me: add meteor lake point M DID (git-fixes).
* memory: atmel-sdramc: Fix missing clk_disable_unprepare in
atmel_ramc_probe() (git-fixes).
* memory: mvebu-devbus: Fix missing clk_disable_unprepare in
mvebu_devbus_probe() (git-fixes).
* memory: tegra: Remove clients SID override programming (git-fixes).
* misc: fastrpc: Do not remove map on creater_process and device_release (git-
fixes).
* misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
* mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
* mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
* mm: compaction: support triggering of proactive compaction by user
(bsc#1207010).
* mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-
fixes).
* mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
* module: Do not wait for GOING modules (bsc#1196058, bsc#1186449,
bsc#1204356, bsc#1204662).
* mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
* mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in
mt7921_mcu_tx_done_event (git-fixes).
* nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
* nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
* nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
* nbd: fix io hung while disconnecting device (git-fixes).
* nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
* net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
* net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
* net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
* net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
* net/x25: Fix to not accept on connected socket (git-fixes).
* net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
* net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-
fixes).
* net: ena: Fix error handling in ena_init() (git-fixes).
* net: liquidio: release resources when liquidio driver open failed (git-
fixes).
* net: liquidio: simplify if expression (git-fixes).
* net: macvlan: Use built-in RCU list checking (git-fixes).
* net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
* net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
* net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
* net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
* net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
* net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
* net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-
fixes).
* net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-
fixes).
* net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-
fixes).
* net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-
fixes).
* net: tun: Fix memory leaks of napi_get_frags (git-fixes).
* net: tun: Fix use-after-free in tun_detach() (git-fixes).
* net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
* net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-
fixes).
* net: usb: sr9700: Handle negative len (git-fixes).
* net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs
(git-fixes).
* netrom: Fix use-after-free caused by accept on already connected socket
(git-fixes).
* netrom: Fix use-after-free of a listening socket (git-fixes).
* nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
* null_blk: fix ida error handling in null_add_dev() (git-fixes).
* nvdimm: disable namespace on error (bsc#1166486).
* objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
* ocfs2: clear dinode links count in case of error (bsc#1207650).
* ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
* ocfs2: fix crash when mount with quota enabled (bsc#1207640).
* ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
* ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
* ocfs2: ocfs2_mount_volume does cleanup job before return error
(bsc#1207770).
* ocfs2: quota_local: fix possible uninitialized-variable access in
ocfs2_local_read_info() (bsc#1207768).
* ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
* octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
* octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
* octeontx2-pf: Add check for devm_kcalloc (git-fixes).
* octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
* of/address: Return an error when no valid dma-ranges are found (git-fixes).
* panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
* panic: Introduce warn_limit (bsc#1207328).
* panic: unset panic_on_warn inside panic() (bsc#1207328).
* phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence" (git-fixes).
* phy: phy-can-transceiver: Skip warning if no "max-bitrate" (git-fixes).
* phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
rockchip_usb2phy_power_on() (git-fixes).
* phy: ti: fix Kconfig warning and operator precedence (git-fixes).
* pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
* pinctrl: aspeed: Fix confusing types in return value (git-fixes).
* pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-
fixes).
* pinctrl: mediatek: Fix the drive register definition of some Pins (git-
fixes).
* pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
* pinctrl: single: fix potential NULL dereference (git-fixes).
* platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-
fixes).
* platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-
fixes).
* platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-
fixes).
* powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
* powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
* powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655
ltc#1195655 git-fixes).
* powerpc/kexec_file: Count hot-pluggable memory in FDT estimate
(bsc#1194869).
* powerpc/kexec_file: Fix division by zero in extra size estimation
(bsc#1194869).
* powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary
(bsc#1194869).
* powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
(bsc#1194869).
* powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
* qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
* quota: Check next/prev free block number after reading from quota file
(bsc#1206640).
* quota: Prevent memory allocation recursion while holding dq_lock
(bsc#1207639).
* r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
* r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
* regulator: da9211: Use irq handler when ready (git-fixes).
* rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
* s390/qeth: fix various format strings (git-fixes).
* sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
* sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
* sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
* sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
* sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
* sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
* sched: Avoid double preemption in __cond_resched_ _lock_ () (git-fixes)
* scsi: Revert "scsi: core: map PQ=1, PDT=other values to
SCSI_SCAN_TARGET_PRESENT" (git-fixes).
* scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
* scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
* scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
* scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
* scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-
fixes).
* scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
* scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
* scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
* scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
* scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
(git-fixes).
* scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
* scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
* scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
* scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
* scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-
fixes).
* scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
* scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
* scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
(bsc#1206006).
* scsi: tracing: Fix compile error in trace_array calls when TRACING is
disabled (git-fixes).
* scsi: ufs: Stop using the clock scaling lock in the error handler (git-
fixes).
* scsi: ufs: core: Enable link lost interrupt (git-fixes).
* sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
* selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
* selftests: Provide local define of __cpuid_count() (git-fixes).
* selftests: forwarding: lib: quote the sysctl values (git-fixes).
* selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
(git-fixes).
* selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
(git-fixes).
* selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
(git-fixes).
* selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
benchmarking (git-fixes).
* serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
* serial: atmel: fix incorrect baudrate setup (git-fixes).
* serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
* sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
* signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved
(git-fixes).
* soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
* spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
* spi: spidev: remove debug messages that access spidev->spi without locking
(git-fixes).
* staging: mt7621-dts: change some node hex addresses to lower case (git-
fixes).
* staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
* swim3: add missing major.h include (git-fixes).
* sysctl: add a new register_sysctl_init() interface (bsc#1207328).
* tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
* thermal/core: Remove duplicate information when an error occurs (git-fixes).
* thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-
fixes).
* thunderbolt: Do not report errors if on-board retimers are found (git-
fixes).
* thunderbolt: Use correct function to calculate maximum USB3 link rate (git-
fixes).
* tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
* tick/sched: Fix non-kernel-doc comment (git-fixes).
* tomoyo: fix broken dependency on *.conf.default (git-fixes).
* tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
* trace_events_hist: add check for return value of 'create_hist_field' (git-
fixes).
* tracing/hist: Fix issue of losting command info in error_log (git-fixes).
* tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-
fixes).
* tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
* tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
* tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
* tracing/probes: Handle system names with hyphens (git-fixes).
* tracing: Add '__rel_loc' using trace event macros (git-fixes).
* tracing: Add DYNAMIC flag for dynamic events (git-fixes).
* tracing: Add trace_event helper macros __string_len() and __assign_str_len()
(git-fixes).
* tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
* tracing: Do not use out-of-sync va_list in event printing (git-fixes).
* tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
* tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
* tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
* tracing: Fix infinite loop in tracing_read_pipe on overflowed
print_trace_line (git-fixes).
* tracing: Fix issue of missing one synthetic field (git-fixes).
* tracing: Fix mismatched comment in __string_len (git-fixes).
* tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
trace_pipe_raw (git-fixes).
* tracing: Fix possible memory leak in __create_synth_event() error path (git-
fixes).
* tracing: Fix race where histograms can be called before the event (git-
fixes).
* tracing: Fix sleeping function called from invalid context on RT kernel
(git-fixes).
* tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-
fixes).
* tracing: Fix warning on variable 'struct trace_array' (git-fixes).
* tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-
fixes).
* tracing: Have syscall trace events use trace_event_buffer_lock_reserve()
(git-fixes).
* tracing: Have type enum modifications copy the strings (git-fixes).
* tracing: Make sure trace_printk() can output as soon as it can be used (git-
fixes).
* tracing: Make tp_printk work on syscall tracepoints (git-fixes).
* tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
* tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
* tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
(git-fixes).
* ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
* usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
* usb: acpi: add helper to check port lpm capability using acpi _DSM (git-
fixes).
* usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
* usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
* usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
* usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
* usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
* usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-
fixes).
* usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-
fixes).
* usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
* usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
* usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
* usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-
fixes).
* usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
* usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
* usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-
fixes).
* usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-
fixes).
* usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
* usb: gadget: udc: core: remove usage of list iterator past the loop body
(git-fixes).
* usb: host: ehci-fsl: Fix module alias (git-fixes).
* usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
* usb: typec: altmodes/displayport: Fix pin assignment calculation (git-
fixes).
* usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
* usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-
fixes).
* usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
* vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
(git-fixes).
* vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
* vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
* virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
* virtio-net: correctly enable callback during start_xmit (git-fixes).
* virtio_pci: modify ENOENT to EINVAL (git-fixes).
* w1: fix WARNING after calling w1_process() (git-fixes).
* w1: fix deadloop in __w1_remove_master_device() (git-fixes).
* wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
* watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch
* watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210)
* watchdog: diag288_wdt: do not use stack buffers for hardware data
(bsc#1207497).
* watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
* wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
* wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
* wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload
(git-fixes).
* wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-
fixes).
* wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
* wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
* wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
* writeback: avoid use-after-free after removing device (bsc#1207638).
* x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
* x86/asm: Fix an assembler warning with current binutils (git-fixes).
* x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
* x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
* x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
* x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-
fixes).
* x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-
fixes).
* x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init()
(git-fixes).
* x86/microcode/intel: Do not retry microcode reloading on the APs (git-
fixes).
* x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
* xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-
fixes).
* xfs: estimate post-merge refcounts correctly (bsc#1208183).
* xfs: fix incorrect error-out in xfs_remove (git-fixes).
* xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
* xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
* xfs: fix memory leak in xfs_errortag_init (git-fixes).
* xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
* xfs: get root inode correctly at bulkstat (git-fixes).
* xfs: hoist refcount record merge predicates (bsc#1208183).
* xfs: initialize the check_owner object fully (git-fixes).
* xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
* xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
* xfs: return errors in xfs_fs_sync_fs (git-fixes).
* xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501
ltc#201370).
* xhci-pci: set the dma max_seg_size (git-fixes).
* xhci: Fix null pointer dereference when host dies (git-fixes).
* zram: Delete patch for regression addressed (bsc#1207933).
* zram: do not lookup algorithm in backends table (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-488=1

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-488=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-488=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-488=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-488=1

* SUSE Real Time Module 15-SP4
zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-488=1

## Package List:

* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.11.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-rt-debugsource-5.14.21-150400.15.11.1
* openSUSE Leap 15.4 (x86_64)
* kernel-rt_debug-debugsource-5.14.21-150400.15.11.1
* kernel-rt-debugsource-5.14.21-150400.15.11.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.11.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-rt_debug-devel-5.14.21-150400.15.11.1
* kernel-rt-devel-5.14.21-150400.15.11.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.11.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.11.1
* dlm-kmp-rt-5.14.21-150400.15.11.1
* kernel-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-syms-rt-5.14.21-150400.15.11.1
* ocfs2-kmp-rt-5.14.21-150400.15.11.1
* gfs2-kmp-rt-5.14.21-150400.15.11.1
* cluster-md-kmp-rt-5.14.21-150400.15.11.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.11.1
* kernel-source-rt-5.14.21-150400.15.11.1
* openSUSE Leap 15.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.11.1
* kernel-rt_debug-5.14.21-150400.15.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-rt-debugsource-5.14.21-150400.15.11.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.11.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-rt-debugsource-5.14.21-150400.15.11.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-5_14_21-150400_15_11-rt-1-150400.1.3.1
* kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-1-150400.1.3.1
* SUSE Real Time Module 15-SP4 (x86_64)
* kernel-rt_debug-debugsource-5.14.21-150400.15.11.1
* kernel-rt-debugsource-5.14.21-150400.15.11.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.11.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-rt_debug-devel-5.14.21-150400.15.11.1
* kernel-rt-devel-5.14.21-150400.15.11.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.11.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.11.1
* dlm-kmp-rt-5.14.21-150400.15.11.1
* kernel-rt-debuginfo-5.14.21-150400.15.11.1
* kernel-syms-rt-5.14.21-150400.15.11.1
* ocfs2-kmp-rt-5.14.21-150400.15.11.1
* gfs2-kmp-rt-5.14.21-150400.15.11.1
* cluster-md-kmp-rt-5.14.21-150400.15.11.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.11.1
* SUSE Real Time Module 15-SP4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.11.1
* kernel-source-rt-5.14.21-150400.15.11.1
* SUSE Real Time Module 15-SP4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.11.1
* kernel-rt_debug-5.14.21-150400.15.11.1

## References:

* https://www.suse.com/security/cve/CVE-2020-24588.html
* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-4382.html
* https://www.suse.com/security/cve/CVE-2022-47929.html
* https://www.suse.com/security/cve/CVE-2023-0045.html
* https://www.suse.com/security/cve/CVE-2023-0122.html
* https://www.suse.com/security/cve/CVE-2023-0179.html
* https://www.suse.com/security/cve/CVE-2023-0266.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-23454.html
* https://www.suse.com/security/cve/CVE-2023-23455.html
* https://bugzilla.suse.com/show_bug.cgi?id=1166486
* https://bugzilla.suse.com/show_bug.cgi?id=1185861
* https://bugzilla.suse.com/show_bug.cgi?id=1185863
* https://bugzilla.suse.com/show_bug.cgi?id=1186449
* https://bugzilla.suse.com/show_bug.cgi?id=1191256
* https://bugzilla.suse.com/show_bug.cgi?id=1192868
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1195175
* https://bugzilla.suse.com/show_bug.cgi?id=1195655
* https://bugzilla.suse.com/show_bug.cgi?id=1196058
* https://bugzilla.suse.com/show_bug.cgi?id=1199701
* https://bugzilla.suse.com/show_bug.cgi?id=1203332
* https://bugzilla.suse.com/show_bug.cgi?id=1204063
* https://bugzilla.suse.com/show_bug.cgi?id=1204356
* https://bugzilla.suse.com/show_bug.cgi?id=1204662
* https://bugzilla.suse.com/show_bug.cgi?id=1205495
* https://bugzilla.suse.com/show_bug.cgi?id=1206006
* https://bugzilla.suse.com/show_bug.cgi?id=1206036
* https://bugzilla.suse.com/show_bug.cgi?id=1206056
* https://bugzilla.suse.com/show_bug.cgi?id=1206057
* https://bugzilla.suse.com/show_bug.cgi?id=1206224
* https://bugzilla.suse.com/show_bug.cgi?id=1206258
* https://bugzilla.suse.com/show_bug.cgi?id=1206363
* https://bugzilla.suse.com/show_bug.cgi?id=1206459
* https://bugzilla.suse.com/show_bug.cgi?id=1206616
* https://bugzilla.suse.com/show_bug.cgi?id=1206640
* https://bugzilla.suse.com/show_bug.cgi?id=1206677
* https://bugzilla.suse.com/show_bug.cgi?id=1206784
* https://bugzilla.suse.com/show_bug.cgi?id=1206876
* https://bugzilla.suse.com/show_bug.cgi?id=1206877
* https://bugzilla.suse.com/show_bug.cgi?id=1206878
* https://bugzilla.suse.com/show_bug.cgi?id=1206880
* https://bugzilla.suse.com/show_bug.cgi?id=1206881
* https://bugzilla.suse.com/show_bug.cgi?id=1206882
* https://bugzilla.suse.com/show_bug.cgi?id=1206883
* https://bugzilla.suse.com/show_bug.cgi?id=1206884
* https://bugzilla.suse.com/show_bug.cgi?id=1206885
* https://bugzilla.suse.com/show_bug.cgi?id=1206886
* https://bugzilla.suse.com/show_bug.cgi?id=1206887
* https://bugzilla.suse.com/show_bug.cgi?id=1206888
* https://bugzilla.suse.com/show_bug.cgi?id=1206889
* https://bugzilla.suse.com/show_bug.cgi?id=1206890
* https://bugzilla.suse.com/show_bug.cgi?id=1206893
* https://bugzilla.suse.com/show_bug.cgi?id=1206894
* https://bugzilla.suse.com/show_bug.cgi?id=1207010
* https://bugzilla.suse.com/show_bug.cgi?id=1207034
* https://bugzilla.suse.com/show_bug.cgi?id=1207036
* https://bugzilla.suse.com/show_bug.cgi?id=1207050
* https://bugzilla.suse.com/show_bug.cgi?id=1207125
* https://bugzilla.suse.com/show_bug.cgi?id=1207134
* https://bugzilla.suse.com/show_bug.cgi?id=1207149
* https://bugzilla.suse.com/show_bug.cgi?id=1207158
* https://bugzilla.suse.com/show_bug.cgi?id=1207184
* https://bugzilla.suse.com/show_bug.cgi?id=1207186
* https://bugzilla.suse.com/show_bug.cgi?id=1207188
* https://bugzilla.suse.com/show_bug.cgi?id=1207189
* https://bugzilla.suse.com/show_bug.cgi?id=1207190
* https://bugzilla.suse.com/show_bug.cgi?id=1207237
* https://bugzilla.suse.com/show_bug.cgi?id=1207263
* https://bugzilla.suse.com/show_bug.cgi?id=1207269
* https://bugzilla.suse.com/show_bug.cgi?id=1207328
* https://bugzilla.suse.com/show_bug.cgi?id=1207497
* https://bugzilla.suse.com/show_bug.cgi?id=1207500
* https://bugzilla.suse.com/show_bug.cgi?id=1207501
* https://bugzilla.suse.com/show_bug.cgi?id=1207506
* https://bugzilla.suse.com/show_bug.cgi?id=1207507
* https://bugzilla.suse.com/show_bug.cgi?id=1207588
* https://bugzilla.suse.com/show_bug.cgi?id=1207589
* https://bugzilla.suse.com/show_bug.cgi?id=1207590
* https://bugzilla.suse.com/show_bug.cgi?id=1207591
* https://bugzilla.suse.com/show_bug.cgi?id=1207592
* https://bugzilla.suse.com/show_bug.cgi?id=1207593
* https://bugzilla.suse.com/show_bug.cgi?id=1207594
* https://bugzilla.suse.com/show_bug.cgi?id=1207602
* https://bugzilla.suse.com/show_bug.cgi?id=1207603
* https://bugzilla.suse.com/show_bug.cgi?id=1207605
* https://bugzilla.suse.com/show_bug.cgi?id=1207606
* https://bugzilla.suse.com/show_bug.cgi?id=1207607
* https://bugzilla.suse.com/show_bug.cgi?id=1207608
* https://bugzilla.suse.com/show_bug.cgi?id=1207609
* https://bugzilla.suse.com/show_bug.cgi?id=1207610
* https://bugzilla.suse.com/show_bug.cgi?id=1207611
* https://bugzilla.suse.com/show_bug.cgi?id=1207612
* https://bugzilla.suse.com/show_bug.cgi?id=1207613
* https://bugzilla.suse.com/show_bug.cgi?id=1207614
* https://bugzilla.suse.com/show_bug.cgi?id=1207615
* https://bugzilla.suse.com/show_bug.cgi?id=1207616
* https://bugzilla.suse.com/show_bug.cgi?id=1207617
* https://bugzilla.suse.com/show_bug.cgi?id=1207618
* https://bugzilla.suse.com/show_bug.cgi?id=1207619
* https://bugzilla.suse.com/show_bug.cgi?id=1207620
* https://bugzilla.suse.com/show_bug.cgi?id=1207621
* https://bugzilla.suse.com/show_bug.cgi?id=1207622
* https://bugzilla.suse.com/show_bug.cgi?id=1207623
* https://bugzilla.suse.com/show_bug.cgi?id=1207624
* https://bugzilla.suse.com/show_bug.cgi?id=1207625
* https://bugzilla.suse.com/show_bug.cgi?id=1207626
* https://bugzilla.suse.com/show_bug.cgi?id=1207627
* https://bugzilla.suse.com/show_bug.cgi?id=1207628
* https://bugzilla.suse.com/show_bug.cgi?id=1207629
* https://bugzilla.suse.com/show_bug.cgi?id=1207630
* https://bugzilla.suse.com/show_bug.cgi?id=1207631
* https://bugzilla.suse.com/show_bug.cgi?id=1207632
* https://bugzilla.suse.com/show_bug.cgi?id=1207633
* https://bugzilla.suse.com/show_bug.cgi?id=1207634
* https://bugzilla.suse.com/show_bug.cgi?id=1207635
* https://bugzilla.suse.com/show_bug.cgi?id=1207636
* https://bugzilla.suse.com/show_bug.cgi?id=1207637
* https://bugzilla.suse.com/show_bug.cgi?id=1207638
* https://bugzilla.suse.com/show_bug.cgi?id=1207639
* https://bugzilla.suse.com/show_bug.cgi?id=1207640
* https://bugzilla.suse.com/show_bug.cgi?id=1207641
* https://bugzilla.suse.com/show_bug.cgi?id=1207642
* https://bugzilla.suse.com/show_bug.cgi?id=1207643
* https://bugzilla.suse.com/show_bug.cgi?id=1207644
* https://bugzilla.suse.com/show_bug.cgi?id=1207645
* https://bugzilla.suse.com/show_bug.cgi?id=1207646
* https://bugzilla.suse.com/show_bug.cgi?id=1207647
* https://bugzilla.suse.com/show_bug.cgi?id=1207648
* https://bugzilla.suse.com/show_bug.cgi?id=1207649
* https://bugzilla.suse.com/show_bug.cgi?id=1207650
* https://bugzilla.suse.com/show_bug.cgi?id=1207651
* https://bugzilla.suse.com/show_bug.cgi?id=1207652
* https://bugzilla.suse.com/show_bug.cgi?id=1207653
* https://bugzilla.suse.com/show_bug.cgi?id=1207734
* https://bugzilla.suse.com/show_bug.cgi?id=1207768
* https://bugzilla.suse.com/show_bug.cgi?id=1207769
* https://bugzilla.suse.com/show_bug.cgi?id=1207770
* https://bugzilla.suse.com/show_bug.cgi?id=1207771
* https://bugzilla.suse.com/show_bug.cgi?id=1207773
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1207842
* https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1207878
* https://bugzilla.suse.com/show_bug.cgi?id=1207933
* https://bugzilla.suse.com/show_bug.cgi?id=1208030
* https://bugzilla.suse.com/show_bug.cgi?id=1208044
* https://bugzilla.suse.com/show_bug.cgi?id=1208085
* https://bugzilla.suse.com/show_bug.cgi?id=1208149
* https://bugzilla.suse.com/show_bug.cgi?id=1208153
* https://bugzilla.suse.com/show_bug.cgi?id=1208183
* https://bugzilla.suse.com/show_bug.cgi?id=1208428
* https://bugzilla.suse.com/show_bug.cgi?id=1208429
* https://jira.suse.com/browse/PED-3210
* https://jira.suse.com/browse/SLE-21132