
SUSE Linux has issued multiple security updates, which encompass rubygem-puma, unbound, etcd, libarchive, libnss_slurm, python310-pytest-html, haproxy, libnss, and php8:

SUSE-SU-2024:3644-1: moderate: Security update for rubygem-puma
SUSE-SU-2024:3643-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)
SUSE-SU-2024:3646-1: moderate: Security update for unbound
SUSE-SU-2024:3647-1: moderate: Security update for unbound
SUSE-SU-2024:3651-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
SUSE-SU-2024:3652-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)
SUSE-SU-2024:3648-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
SUSE-SU-2024:3656-1: moderate: Security update for etcd
SUSE-SU-2024:3655-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
openSUSE-SU-2024:14404-1: moderate: libnss_slurm2-24.05.3-1.1 on GA media
openSUSE-SU-2024:14403-1: moderate: python310-pytest-html-4.1.1-2.1 on GA media
openSUSE-SU-2024:14402-1: moderate: haproxy-3.0.5+git0.8e879a52e-2.1 on GA media
SUSE-SU-2024:3675-1: important: Security update for libarchive
SUSE-SU-2024:3666-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)
SUSE-SU-2024:3670-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)
SUSE-SU-2024:3690-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)
SUSE-SU-2024:3685-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
SUSE-SU-2024:3672-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)
SUSE-SU-2024:3679-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
SUSE-SU-2024:3694-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)
SUSE-SU-2024:3680-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)
SUSE-SU-2024:3695-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)
SUSE-SU-2024:3696-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
SUSE-SU-2024:3697-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
SUSE-SU-2024:3701-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
SUSE-SU-2024:3700-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)
SUSE-SU-2024:3702-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
SUSE-SU-2024:3664-1: moderate: Security update for php8
SUSE-SU-2024:3661-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)




SUSE-SU-2024:3644-1: moderate: Security update for rubygem-puma


# Security update for rubygem-puma

Announcement ID: SUSE-SU-2024:3644-1
Release Date: 2024-10-16T06:55:19Z
Rating: moderate
References:

* bsc#1218638
* bsc#1230848

Cross-References:

* CVE-2024-21647
* CVE-2024-45614

CVSS scores:

* CVE-2024-21647 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21647 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45614 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-45614 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-45614 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for rubygem-puma fixes the following issues:

* CVE-2024-45614: Prevent underscores from clobbering hyphen headers
(bsc#1230848).
* CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies
(bsc#1218638).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-3644=1`

* SUSE Linux Enterprise High Availability Extension 15 SP2
  `zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3644=1`

* SUSE Linux Enterprise High Availability Extension 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-3644=1`

* SUSE Linux Enterprise High Availability Extension 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-3644=1`

* SUSE Linux Enterprise High Availability Extension 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-3644=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-doc-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21647.html
* https://www.suse.com/security/cve/CVE-2024-45614.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218638
* https://bugzilla.suse.com/show_bug.cgi?id=1230848



SUSE-SU-2024:3643-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3643-1
Release Date: 2024-10-16T05:03:45Z
Rating: important
References:

* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_92 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-3643=1`

* SUSE Linux Enterprise Live Patching 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3643=1`

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_19-debugsource-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_92-default-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_19-debugsource-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_92-default-13-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3646-1: moderate: Security update for unbound


# Security update for unbound

Announcement ID: SUSE-SU-2024:3646-1
Release Date: 2024-10-16T09:31:58Z
Rating: moderate
References:

* bsc#1231284

Cross-References:

* CVE-2024-8508

CVSS scores:

* CVE-2024-8508 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-8508 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-8508 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for unbound fixes the following issues:

* CVE-2024-8508: Fixed unbounded name compression that could lead to denial of
service (bsc#1231284)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3646=1`

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-3646=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2024-3646=1`

* Basesystem Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3646=1`

## Package List:

* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * unbound-1.20.0-150100.10.19.1
  * unbound-debugsource-1.20.0-150100.10.19.1
  * unbound-python-1.20.0-150100.10.19.1
  * unbound-python-debuginfo-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * unbound-devel-1.20.0-150100.10.19.1
  * unbound-1.20.0-150100.10.19.1
  * unbound-debugsource-1.20.0-150100.10.19.1
  * unbound-python-1.20.0-150100.10.19.1
  * libunbound8-1.20.0-150100.10.19.1
  * unbound-python-debuginfo-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
  * libunbound8-debuginfo-1.20.0-150100.10.19.1
  * unbound-anchor-1.20.0-150100.10.19.1
  * unbound-anchor-debuginfo-1.20.0-150100.10.19.1
* openSUSE Leap 15.5 (noarch)
  * unbound-munin-1.20.0-150100.10.19.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * unbound-debugsource-1.20.0-150100.10.19.1
  * libunbound8-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
  * libunbound8-debuginfo-1.20.0-150100.10.19.1
  * unbound-anchor-1.20.0-150100.10.19.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * unbound-devel-1.20.0-150100.10.19.1
  * unbound-debugsource-1.20.0-150100.10.19.1
  * libunbound8-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
  * libunbound8-debuginfo-1.20.0-150100.10.19.1
  * unbound-anchor-1.20.0-150100.10.19.1
  * unbound-anchor-debuginfo-1.20.0-150100.10.19.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8508.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231284



SUSE-SU-2024:3647-1: moderate: Security update for unbound


# Security update for unbound

Announcement ID: SUSE-SU-2024:3647-1
Release Date: 2024-10-16T09:32:21Z
Rating: moderate
References:

* bsc#1231284

Cross-References:

* CVE-2024-8508

CVSS scores:

* CVE-2024-8508 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-8508 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-8508 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for unbound fixes the following issues:

* CVE-2024-8508: Fixed unbounded name compression that could lead to denial of
service (bsc#1231284)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2024-3647=1 openSUSE-SLE-15.6-2024-3647=1`

* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3647=1`

* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3647=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libunbound-devel-mini-1.20.0-150600.23.9.1
  * unbound-devel-1.20.0-150600.23.9.1
  * libunbound-devel-mini-debuginfo-1.20.0-150600.23.9.1
  * libunbound8-1.20.0-150600.23.9.1
  * libunbound8-debuginfo-1.20.0-150600.23.9.1
  * unbound-debugsource-1.20.0-150600.23.9.1
  * unbound-debuginfo-1.20.0-150600.23.9.1
  * unbound-anchor-1.20.0-150600.23.9.1
  * libunbound-devel-mini-debugsource-1.20.0-150600.23.9.1
  * unbound-1.20.0-150600.23.9.1
  * unbound-anchor-debuginfo-1.20.0-150600.23.9.1
  * unbound-python-debuginfo-1.20.0-150600.23.9.1
  * unbound-python-1.20.0-150600.23.9.1
* openSUSE Leap 15.6 (noarch)
  * unbound-munin-1.20.0-150600.23.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * unbound-devel-1.20.0-150600.23.9.1
  * libunbound8-1.20.0-150600.23.9.1
  * libunbound8-debuginfo-1.20.0-150600.23.9.1
  * unbound-debugsource-1.20.0-150600.23.9.1
  * unbound-debuginfo-1.20.0-150600.23.9.1
  * unbound-anchor-1.20.0-150600.23.9.1
  * unbound-anchor-debuginfo-1.20.0-150600.23.9.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * unbound-debugsource-1.20.0-150600.23.9.1
  * unbound-debuginfo-1.20.0-150600.23.9.1
  * unbound-1.20.0-150600.23.9.1
  * unbound-python-debuginfo-1.20.0-150600.23.9.1
  * unbound-python-1.20.0-150600.23.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8508.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231284



SUSE-SU-2024:3651-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3651-1
Release Date: 2024-10-16T10:04:05Z
Rating: important
References:

* bsc#1210619
* bsc#1218487
* bsc#1220145
* bsc#1220537
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2022-48651
* CVE-2023-1829
* CVE-2023-6531
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 19 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free
(bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit
(bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when
fragmenting IPv4 packets (bsc#1220537).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix
garbage collector's deletion of SKB races with unix_stream_read_generic() on
the socket that the SKB is queued on (bsc#1218487).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2024-3651=1`

* SUSE Linux Enterprise Live Patching 15-SP3
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3651=1`

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_42-debugsource-8-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_153-default-8-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-8-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-8-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_153-preempt-8-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_153-default-8-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1218487
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573



SUSE-SU-2024:3652-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3652-1
Release Date: 2024-10-16T10:04:15Z
Rating: important
References:

* bsc#1210619
* bsc#1220145
* bsc#1220537
* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2022-48651
* CVE-2023-1829
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 17 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free
(bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit
(bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when
fragmenting IPv4 packets (bsc#1220537).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2024-3652=1`

* SUSE Linux Enterprise Live Patching 15-SP3
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3652=1`

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_43-debugsource-7-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_158-default-7-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-7-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_158-preempt-7-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-7-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_158-default-7-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573



SUSE-SU-2024:3648-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3648-1
Release Date: 2024-10-16T10:03:55Z
Rating: important
References:

* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2024-35861
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3648=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3650=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3650=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150200_24_166-default-debuginfo-14-150200.2.1
* kernel-livepatch-SLE15-SP2_Update_41-debugsource-14-150200.2.1
* kernel-livepatch-5_3_18-150200_24_166-default-14-150200.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_150-default-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-default-debuginfo-11-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_41-debugsource-11-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_150-preempt-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-preempt-debuginfo-11-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_150-default-11-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573



SUSE-SU-2024:3656-1: moderate: Security update for etcd


# Security update for etcd

Announcement ID: SUSE-SU-2024:3656-1
Release Date: 2024-10-16T11:33:45Z
Rating: moderate
References:

* bsc#1095184
* bsc#1118897
* bsc#1118898
* bsc#1118899
* bsc#1121850
* bsc#1174951
* bsc#1181400
* bsc#1183703
* bsc#1199031
* bsc#1208270
* bsc#1208297
* bsc#1210138
* bsc#1213229
* bsc#1217070
* bsc#1217950
* bsc#1218150

Cross-References:

* CVE-2018-16873
* CVE-2018-16874
* CVE-2018-16875
* CVE-2018-16886
* CVE-2020-15106
* CVE-2020-15112
* CVE-2021-28235
* CVE-2022-41723
* CVE-2023-29406
* CVE-2023-47108
* CVE-2023-48795

CVSS scores:

* CVE-2018-16873 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2018-16873 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16873 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16874 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2018-16874 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16874 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16875 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-16875 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-16886 ( SUSE ): 6.8 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2018-16886 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-15106 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-15106 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-15112 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-15112 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-28235 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-28235 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-29406 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-29406 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-47108 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47108 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-48795 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6

An update that solves 11 vulnerabilities and has five security fixes can now be
installed.

## Description:

This update for etcd fixes the following issues:

Update to version 3.5.12:

Security fixes:

* CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)
* CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)
* CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)
* CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)
* CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)
* CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)
* CVE-2021-28235: Fixed information disclosure via debug function (bsc#1210138)
* CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http
(bsc#1208270, bsc#1208297)
* CVE-2023-29406: Fixed insufficient sanitization of Host header in go
net/http (bsc#1213229)
* CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)
* CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka
Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)

Other changes:

* Added hardening to systemd service(s) (bsc#1181400)
* Fixed static /tmp file issue (bsc#1199031)
* Fixed systemd service not starting (bsc#1183703)

Full changelog:

https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3656=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3656=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* etcdctl-3.5.12-150000.7.6.1
* etcd-3.5.12-150000.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* etcdctl-3.5.12-150000.7.6.1
* etcd-3.5.12-150000.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2018-16873.html
* https://www.suse.com/security/cve/CVE-2018-16874.html
* https://www.suse.com/security/cve/CVE-2018-16875.html
* https://www.suse.com/security/cve/CVE-2018-16886.html
* https://www.suse.com/security/cve/CVE-2020-15106.html
* https://www.suse.com/security/cve/CVE-2020-15112.html
* https://www.suse.com/security/cve/CVE-2021-28235.html
* https://www.suse.com/security/cve/CVE-2022-41723.html
* https://www.suse.com/security/cve/CVE-2023-29406.html
* https://www.suse.com/security/cve/CVE-2023-47108.html
* https://www.suse.com/security/cve/CVE-2023-48795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1095184
* https://bugzilla.suse.com/show_bug.cgi?id=1118897
* https://bugzilla.suse.com/show_bug.cgi?id=1118898
* https://bugzilla.suse.com/show_bug.cgi?id=1118899
* https://bugzilla.suse.com/show_bug.cgi?id=1121850
* https://bugzilla.suse.com/show_bug.cgi?id=1174951
* https://bugzilla.suse.com/show_bug.cgi?id=1181400
* https://bugzilla.suse.com/show_bug.cgi?id=1183703
* https://bugzilla.suse.com/show_bug.cgi?id=1199031
* https://bugzilla.suse.com/show_bug.cgi?id=1208270
* https://bugzilla.suse.com/show_bug.cgi?id=1208297
* https://bugzilla.suse.com/show_bug.cgi?id=1210138
* https://bugzilla.suse.com/show_bug.cgi?id=1213229
* https://bugzilla.suse.com/show_bug.cgi?id=1217070
* https://bugzilla.suse.com/show_bug.cgi?id=1217950
* https://bugzilla.suse.com/show_bug.cgi?id=1218150



SUSE-SU-2024:3655-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3655-1
Release Date: 2024-10-16T11:33:28Z
Rating: important
References:

* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3655=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3655=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_6-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_6-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



openSUSE-SU-2024:14404-1: moderate: libnss_slurm2-24.05.3-1.1 on GA media


# libnss_slurm2-24.05.3-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14404-1
Rating: moderate

Cross-References:

* CVE-2024-42511

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libnss_slurm2-24.05.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libnss_slurm2 24.05.3-1.1
* libpmi0 24.05.3-1.1
* libslurm41 24.05.3-1.1
* perl-slurm 24.05.3-1.1
* slurm 24.05.3-1.1
* slurm-auth-none 24.05.3-1.1
* slurm-config 24.05.3-1.1
* slurm-config-man 24.05.3-1.1
* slurm-cray 24.05.3-1.1
* slurm-devel 24.05.3-1.1
* slurm-doc 24.05.3-1.1
* slurm-hdf5 24.05.3-1.1
* slurm-lua 24.05.3-1.1
* slurm-munge 24.05.3-1.1
* slurm-node 24.05.3-1.1
* slurm-openlava 24.05.3-1.1
* slurm-pam_slurm 24.05.3-1.1
* slurm-plugins 24.05.3-1.1
* slurm-rest 24.05.3-1.1
* slurm-seff 24.05.3-1.1
* slurm-sjstat 24.05.3-1.1
* slurm-slurmdbd 24.05.3-1.1
* slurm-sql 24.05.3-1.1
* slurm-sview 24.05.3-1.1
* slurm-testsuite 24.05.3-1.1
* slurm-torque 24.05.3-1.1
* slurm-webdoc 24.05.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42511.html



openSUSE-SU-2024:14403-1: moderate: python310-pytest-html-4.1.1-2.1 on GA media


# python310-pytest-html-4.1.1-2.1 on GA media

Announcement ID: openSUSE-SU-2024:14403-1
Rating: moderate

Cross-References:

* CVE-2024-48949

CVSS scores:

* CVE-2024-48949 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2024-48949 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python310-pytest-html-4.1.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python310-pytest-html 4.1.1-2.1
* python311-pytest-html 4.1.1-2.1
* python312-pytest-html 4.1.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-48949.html



openSUSE-SU-2024:14402-1: moderate: haproxy-3.0.5+git0.8e879a52e-2.1 on GA media


# haproxy-3.0.5+git0.8e879a52e-2.1 on GA media

Announcement ID: openSUSE-SU-2024:14402-1
Rating: moderate

Cross-References:

* CVE-2024-49214

CVSS scores:

* CVE-2024-49214 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the haproxy-3.0.5+git0.8e879a52e-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* haproxy 3.0.5+git0.8e879a52e-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49214.html



SUSE-SU-2024:3675-1: important: Security update for libarchive


# Security update for libarchive

Announcement ID: SUSE-SU-2024:3675-1
Release Date: 2024-10-16T17:33:40Z
Rating: important
References:

* bsc#1231544

Cross-References:

* CVE-2024-48957

CVSS scores:

* CVE-2024-48957 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-48957 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
* CVE-2024-48957 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for libarchive fixes the following issues:

* CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in
archive_read_support_format_rar.c (bsc#1231544).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3675=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3675=1 openSUSE-SLE-15.6-2024-3675=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3675=1

## Package List:

* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* bsdtar-debuginfo-3.7.2-150600.3.6.1
* libarchive-debugsource-3.7.2-150600.3.6.1
* bsdtar-3.7.2-150600.3.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libarchive-devel-3.7.2-150600.3.6.1
* libarchive13-debuginfo-3.7.2-150600.3.6.1
* libarchive13-3.7.2-150600.3.6.1
* libarchive-debugsource-3.7.2-150600.3.6.1
* bsdtar-debuginfo-3.7.2-150600.3.6.1
* bsdtar-3.7.2-150600.3.6.1
* openSUSE Leap 15.6 (x86_64)
* libarchive13-32bit-debuginfo-3.7.2-150600.3.6.1
* libarchive13-32bit-3.7.2-150600.3.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libarchive13-64bit-debuginfo-3.7.2-150600.3.6.1
* libarchive13-64bit-3.7.2-150600.3.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libarchive13-3.7.2-150600.3.6.1
* libarchive-devel-3.7.2-150600.3.6.1
* libarchive-debugsource-3.7.2-150600.3.6.1
* libarchive13-debuginfo-3.7.2-150600.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-48957.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231544



SUSE-SU-2024:3666-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:3666-1
Release Date: 2024-10-16T16:03:40Z
Rating: important
References:

* bsc#1225099
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_21 fixes several issues.

The following security issues were fixed:

* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3666=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3666=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_21-default-5-150600.1.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-5-150600.1.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-5-150600.1.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_21-default-5-150600.1.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-5-150600.1.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-5-150600.1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3670-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3670-1
Release Date: 2024-10-16T19:33:39Z
Rating: important
References:

* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_44 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3670=1 SUSE-2024-3699=1 SUSE-2024-3671=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3670=1 SUSE-SLE-Module-Live-Patching-15-SP4-2024-3699=1 SUSE-SLE-Module-Live-Patching-15-SP4-2024-3671=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3689=1 SUSE-2024-3673=1 SUSE-2024-3688=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3689=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3673=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3688=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_97-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_22-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_21-debugsource-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_100-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-12-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_97-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_22-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_21-debugsource-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_100-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-12-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_5-debugsource-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_8-debugsource-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_9-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_39-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_44-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_28-default-14-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_5-debugsource-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_8-debugsource-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_9-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_39-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_44-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_28-default-14-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3690-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3690-1
Release Date: 2024-10-16T19:04:01Z
Rating: important
References:

* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2024-35861
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_147 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3684=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-3691=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-3667=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-3690=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3692=1 SUSE-2024-3668=1 SUSE-2024-3677=1 SUSE-2024-3686=1 SUSE-2024-3693=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3692=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3668=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3677=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3686=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3693=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_163-default-14-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_43-debugsource-12-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_44-debugsource-13-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_172-default-12-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_172-default-debuginfo-12-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_175-default-debuginfo-13-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_40-debugsource-14-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_163-default-debuginfo-14-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_42-debugsource-14-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_169-default-debuginfo-14-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_175-default-13-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_169-default-14-150200.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_144-default-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_138-default-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_133-default-debuginfo-14-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_39-debugsource-12-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_38-debugsource-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-default-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_147-default-12-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_36-debugsource-14-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_37-debugsource-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_147-default-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_141-default-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-13-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_40-debugsource-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_133-default-14-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_133-preempt-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_133-preempt-debuginfo-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-preempt-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_141-preempt-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-preempt-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_147-preempt-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_147-preempt-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_138-preempt-14-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_138-default-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-default-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_147-default-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_141-default-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_133-default-14-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573



SUSE-SU-2024:3685-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3685-1
Release Date: 2024-10-16T18:04:02Z
Rating: important
References:

* bsc#1210619
* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2023-1829
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3685=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3669=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3669=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_191-default-6-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_191-default-debuginfo-6-150200.5.6.1
  * kernel-livepatch-SLE15-SP2_Update_48-debugsource-6-150200.5.6.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_44-debugsource-6-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-6-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-default-6-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-preempt-6-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-6-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-default-6-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573



SUSE-SU-2024:3672-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3672-1
Release Date: 2024-10-16T16:34:16Z
Rating: important
References:

* bsc#1223683
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_122 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3672=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3672=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-4-150400.9.6.1
  * kernel-livepatch-SLE15-SP4_Update_27-debugsource-4-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_122-default-4-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-4-150400.9.6.1
  * kernel-livepatch-SLE15-SP4_Update_27-debugsource-4-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_122-default-4-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3679-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3679-1
Release Date: 2024-10-16T17:34:15Z
Rating: important
References:

* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52846
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 14 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_59 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3679=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3679=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_59-default-7-150500.11.10.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-7-150500.11.10.1
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-7-150500.11.10.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_59-default-7-150500.11.10.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-7-150500.11.10.1
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-7-150500.11.10.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3694-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3694-1
Release Date: 2024-10-16T19:04:10Z
Rating: important
References:

* bsc#1219296
* bsc#1220145
* bsc#1220211
* bsc#1220828
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52340
* CVE-2023-52502
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26585
* CVE-2024-26610
* CVE-2024-26622
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 23 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220211).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
* CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big' packets (bsc#1219296).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3694=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3694=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3678=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3678=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-9-150400.9.8.1
  * kernel-livepatch-SLE15-SP4_Update_23-debugsource-9-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_108-default-9-150400.9.8.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-9-150400.9.8.1
  * kernel-livepatch-SLE15-SP4_Update_23-debugsource-9-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_108-default-9-150400.9.8.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_49-default-9-150500.11.8.1
  * kernel-livepatch-SLE15-SP5_Update_10-debugsource-9-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-9-150500.11.8.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_49-default-9-150500.11.8.1
  * kernel-livepatch-SLE15-SP5_Update_10-debugsource-9-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-9-150500.11.8.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219296
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220211
* https://bugzilla.suse.com/show_bug.cgi?id=1220828
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3680-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:3680-1
Release Date: 2024-10-16T17:34:24Z
Rating: important
References:

* bsc#1225739
* bsc#1228786

Cross-References:

* CVE-2024-36899
* CVE-2024-40954

CVSS scores:

* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.

The following security issues were fixed:

* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3680=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3680=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-3-150600.13.6.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-3-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3695-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3695-1
Release Date: 2024-10-16T19:04:20Z
Rating: important
References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 20 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3695=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3695=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_24-debugsource-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-7-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_24-debugsource-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-7-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3696-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3696-1
Release Date: 2024-10-16T19:04:30Z
Rating: important
References:

* bsc#1220145
* bsc#1221302
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52846
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 18 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222882).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3696=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3696=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_25-debugsource-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-7-150400.9.8.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_25-debugsource-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-7-150400.9.8.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3697-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3697-1
Release Date: 2024-10-16T19:04:40Z
Rating: important
References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 19 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3697=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3697=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-7-150500.11.6.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-7-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3701-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3701-1
Release Date: 2024-10-16T19:34:00Z
Rating: important
References:

* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3701=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3701=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_62-default-5-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-5-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-5-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_62-default-5-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-5-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-5-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3700-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3700-1
Release Date: 2024-10-16T19:33:49Z
Rating: important
References:

* bsc#1223059
* bsc#1223363
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 13 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_119 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3700=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3700=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-6-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-6-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_119-default-6-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-6-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-6-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_119-default-6-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3702-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3702-1
Release Date: 2024-10-16T19:34:10Z
Rating: important
References:

* bsc#1223683
* bsc#1225099
* bsc#1225739
* bsc#1228349
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-36899
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.

The following security issues were fixed:

* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1228349).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3702=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3702=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-4-150500.11.6.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-4-150500.11.6.1
* kernel-livepatch-5_14_21-150500_55_68-default-4-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-4-150500.11.6.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-4-150500.11.6.1
* kernel-livepatch-5_14_21-150500_55_68-default-4-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3664-1: moderate: Security update for php8


# Security update for php8

Announcement ID: SUSE-SU-2024:3664-1
Release Date: 2024-10-16T14:28:54Z
Rating: moderate
References:

* bsc#1231358
* bsc#1231360
* bsc#1231382

Cross-References:

* CVE-2024-8925
* CVE-2024-8927
* CVE-2024-9026

CVSS scores:

* CVE-2024-8925 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8925 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8927 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-9026 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9026 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php8 fixes the following issues:

* CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST
requests that led to legitimate data not being processed (bsc#1231360).
* CVE-2024-8927: Fixed a bypass of the cgi.force_redirect configuration caused
by an environment variable collision (bsc#1231358).
* CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM
(bsc#1231382).

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3664=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3664=1

* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-3664=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* php8-cli-debuginfo-8.0.30-150400.4.46.1
* php8-ftp-8.0.30-150400.4.46.1
* php8-tokenizer-8.0.30-150400.4.46.1
* php8-test-8.0.30-150400.4.46.1
* php8-bz2-8.0.30-150400.4.46.1
* php8-fileinfo-8.0.30-150400.4.46.1
* php8-curl-8.0.30-150400.4.46.1
* php8-gettext-debuginfo-8.0.30-150400.4.46.1
* php8-calendar-8.0.30-150400.4.46.1
* php8-fpm-debugsource-8.0.30-150400.4.46.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.46.1
* php8-bcmath-debuginfo-8.0.30-150400.4.46.1
* php8-xmlwriter-8.0.30-150400.4.46.1
* php8-sqlite-debuginfo-8.0.30-150400.4.46.1
* php8-shmop-debuginfo-8.0.30-150400.4.46.1
* php8-debuginfo-8.0.30-150400.4.46.1
* php8-odbc-debuginfo-8.0.30-150400.4.46.1
* php8-pdo-8.0.30-150400.4.46.1
* php8-zip-debuginfo-8.0.30-150400.4.46.1
* php8-sysvmsg-8.0.30-150400.4.46.1
* php8-8.0.30-150400.4.46.1
* php8-bz2-debuginfo-8.0.30-150400.4.46.1
* php8-openssl-8.0.30-150400.4.46.1
* php8-embed-debuginfo-8.0.30-150400.4.46.1
* php8-gd-8.0.30-150400.4.46.1
* php8-tidy-8.0.30-150400.4.46.1
* php8-pcntl-debuginfo-8.0.30-150400.4.46.1
* php8-sysvsem-8.0.30-150400.4.46.1
* php8-odbc-8.0.30-150400.4.46.1
* php8-ctype-debuginfo-8.0.30-150400.4.46.1
* php8-gd-debuginfo-8.0.30-150400.4.46.1
* php8-embed-debugsource-8.0.30-150400.4.46.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.46.1
* php8-zlib-8.0.30-150400.4.46.1
* php8-dom-8.0.30-150400.4.46.1
* php8-mbstring-debuginfo-8.0.30-150400.4.46.1
* php8-readline-8.0.30-150400.4.46.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.46.1
* php8-sqlite-8.0.30-150400.4.46.1
* php8-soap-8.0.30-150400.4.46.1
* php8-pdo-debuginfo-8.0.30-150400.4.46.1
* php8-iconv-debuginfo-8.0.30-150400.4.46.1
* php8-mysql-8.0.30-150400.4.46.1
* php8-cli-8.0.30-150400.4.46.1
* php8-ftp-debuginfo-8.0.30-150400.4.46.1
* php8-devel-8.0.30-150400.4.46.1
* php8-debugsource-8.0.30-150400.4.46.1
* php8-intl-debuginfo-8.0.30-150400.4.46.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.46.1
* php8-posix-8.0.30-150400.4.46.1
* php8-xmlwriter-debuginfo-8.0.30-150400.4.46.1
* php8-phar-8.0.30-150400.4.46.1
* php8-dom-debuginfo-8.0.30-150400.4.46.1
* php8-sodium-debuginfo-8.0.30-150400.4.46.1
* php8-soap-debuginfo-8.0.30-150400.4.46.1
* php8-intl-8.0.30-150400.4.46.1
* php8-pgsql-debuginfo-8.0.30-150400.4.46.1
* php8-iconv-8.0.30-150400.4.46.1
* php8-gmp-debuginfo-8.0.30-150400.4.46.1
* php8-dba-debuginfo-8.0.30-150400.4.46.1
* php8-calendar-debuginfo-8.0.30-150400.4.46.1
* php8-fastcgi-debugsource-8.0.30-150400.4.46.1
* php8-zlib-debuginfo-8.0.30-150400.4.46.1
* php8-xsl-8.0.30-150400.4.46.1
* php8-exif-debuginfo-8.0.30-150400.4.46.1
* apache2-mod_php8-8.0.30-150400.4.46.1
* php8-mysql-debuginfo-8.0.30-150400.4.46.1
* php8-opcache-8.0.30-150400.4.46.1
* php8-curl-debuginfo-8.0.30-150400.4.46.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.46.1
* php8-sockets-8.0.30-150400.4.46.1
* php8-tidy-debuginfo-8.0.30-150400.4.46.1
* php8-exif-8.0.30-150400.4.46.1
* php8-xsl-debuginfo-8.0.30-150400.4.46.1
* php8-zip-8.0.30-150400.4.46.1
* php8-enchant-8.0.30-150400.4.46.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.46.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.46.1
* php8-readline-debuginfo-8.0.30-150400.4.46.1
* php8-pcntl-8.0.30-150400.4.46.1
* php8-ctype-8.0.30-150400.4.46.1
* php8-dba-8.0.30-150400.4.46.1
* php8-ldap-8.0.30-150400.4.46.1
* php8-bcmath-8.0.30-150400.4.46.1
* php8-posix-debuginfo-8.0.30-150400.4.46.1
* php8-mbstring-8.0.30-150400.4.46.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.46.1
* php8-phar-debuginfo-8.0.30-150400.4.46.1
* php8-opcache-debuginfo-8.0.30-150400.4.46.1
* php8-gmp-8.0.30-150400.4.46.1
* php8-sysvshm-8.0.30-150400.4.46.1
* php8-fastcgi-8.0.30-150400.4.46.1
* php8-gettext-8.0.30-150400.4.46.1
* php8-sodium-8.0.30-150400.4.46.1
* php8-enchant-debuginfo-8.0.30-150400.4.46.1
* php8-shmop-8.0.30-150400.4.46.1
* php8-fpm-debuginfo-8.0.30-150400.4.46.1
* php8-snmp-debuginfo-8.0.30-150400.4.46.1
* php8-sockets-debuginfo-8.0.30-150400.4.46.1
* php8-pgsql-8.0.30-150400.4.46.1
* php8-fpm-8.0.30-150400.4.46.1
* php8-xmlreader-8.0.30-150400.4.46.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.46.1
* php8-ldap-debuginfo-8.0.30-150400.4.46.1
* php8-openssl-debuginfo-8.0.30-150400.4.46.1
* php8-snmp-8.0.30-150400.4.46.1
* php8-embed-8.0.30-150400.4.46.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* php8-cli-debuginfo-8.0.30-150400.4.46.1
* php8-ftp-8.0.30-150400.4.46.1
* php8-tokenizer-8.0.30-150400.4.46.1
* php8-test-8.0.30-150400.4.46.1
* php8-bz2-8.0.30-150400.4.46.1
* php8-fileinfo-8.0.30-150400.4.46.1
* php8-curl-8.0.30-150400.4.46.1
* php8-fpm-debugsource-8.0.30-150400.4.46.1
* php8-calendar-8.0.30-150400.4.46.1
* php8-gettext-debuginfo-8.0.30-150400.4.46.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.46.1
* php8-bcmath-debuginfo-8.0.30-150400.4.46.1
* php8-xmlwriter-8.0.30-150400.4.46.1
* php8-sqlite-debuginfo-8.0.30-150400.4.46.1
* php8-shmop-debuginfo-8.0.30-150400.4.46.1
* php8-debuginfo-8.0.30-150400.4.46.1
* php8-odbc-debuginfo-8.0.30-150400.4.46.1
* php8-pdo-8.0.30-150400.4.46.1
* php8-zip-debuginfo-8.0.30-150400.4.46.1
* php8-sysvmsg-8.0.30-150400.4.46.1
* php8-bz2-debuginfo-8.0.30-150400.4.46.1
* php8-8.0.30-150400.4.46.1
* php8-embed-debuginfo-8.0.30-150400.4.46.1
* php8-openssl-8.0.30-150400.4.46.1
* php8-gd-8.0.30-150400.4.46.1
* php8-tidy-8.0.30-150400.4.46.1
* php8-pcntl-debuginfo-8.0.30-150400.4.46.1
* php8-sysvsem-8.0.30-150400.4.46.1
* php8-odbc-8.0.30-150400.4.46.1
* php8-ctype-debuginfo-8.0.30-150400.4.46.1
* php8-embed-debugsource-8.0.30-150400.4.46.1
* php8-gd-debuginfo-8.0.30-150400.4.46.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.46.1
* php8-zlib-8.0.30-150400.4.46.1
* php8-dom-8.0.30-150400.4.46.1
* php8-mbstring-debuginfo-8.0.30-150400.4.46.1
* php8-readline-8.0.30-150400.4.46.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.46.1
* php8-sqlite-8.0.30-150400.4.46.1
* php8-soap-8.0.30-150400.4.46.1
* php8-pdo-debuginfo-8.0.30-150400.4.46.1
* php8-iconv-debuginfo-8.0.30-150400.4.46.1
* php8-mysql-8.0.30-150400.4.46.1
* php8-cli-8.0.30-150400.4.46.1
* php8-ftp-debuginfo-8.0.30-150400.4.46.1
* php8-devel-8.0.30-150400.4.46.1
* php8-debugsource-8.0.30-150400.4.46.1
* php8-intl-debuginfo-8.0.30-150400.4.46.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.46.1
* php8-posix-8.0.30-150400.4.46.1
* php8-xmlwriter-debuginfo-8.0.30-150400.4.46.1
* php8-phar-8.0.30-150400.4.46.1
* php8-dom-debuginfo-8.0.30-150400.4.46.1
* php8-sodium-debuginfo-8.0.30-150400.4.46.1
* php8-soap-debuginfo-8.0.30-150400.4.46.1
* php8-intl-8.0.30-150400.4.46.1
* php8-pgsql-debuginfo-8.0.30-150400.4.46.1
* php8-iconv-8.0.30-150400.4.46.1
* php8-gmp-debuginfo-8.0.30-150400.4.46.1
* php8-dba-debuginfo-8.0.30-150400.4.46.1
* php8-calendar-debuginfo-8.0.30-150400.4.46.1
* php8-fastcgi-debugsource-8.0.30-150400.4.46.1
* php8-zlib-debuginfo-8.0.30-150400.4.46.1
* php8-xsl-8.0.30-150400.4.46.1
* apache2-mod_php8-8.0.30-150400.4.46.1
* php8-exif-debuginfo-8.0.30-150400.4.46.1
* php8-mysql-debuginfo-8.0.30-150400.4.46.1
* php8-opcache-8.0.30-150400.4.46.1
* php8-curl-debuginfo-8.0.30-150400.4.46.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.46.1
* php8-sockets-8.0.30-150400.4.46.1
* php8-tidy-debuginfo-8.0.30-150400.4.46.1
* php8-exif-8.0.30-150400.4.46.1
* php8-xsl-debuginfo-8.0.30-150400.4.46.1
* php8-zip-8.0.30-150400.4.46.1
* php8-enchant-8.0.30-150400.4.46.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.46.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.46.1
* php8-readline-debuginfo-8.0.30-150400.4.46.1
* php8-pcntl-8.0.30-150400.4.46.1
* php8-ctype-8.0.30-150400.4.46.1
* php8-dba-8.0.30-150400.4.46.1
* php8-ldap-8.0.30-150400.4.46.1
* php8-bcmath-8.0.30-150400.4.46.1
* php8-posix-debuginfo-8.0.30-150400.4.46.1
* php8-mbstring-8.0.30-150400.4.46.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.46.1
* php8-phar-debuginfo-8.0.30-150400.4.46.1
* php8-opcache-debuginfo-8.0.30-150400.4.46.1
* php8-gmp-8.0.30-150400.4.46.1
* php8-sysvshm-8.0.30-150400.4.46.1
* php8-fastcgi-8.0.30-150400.4.46.1
* php8-gettext-8.0.30-150400.4.46.1
* php8-sodium-8.0.30-150400.4.46.1
* php8-enchant-debuginfo-8.0.30-150400.4.46.1
* php8-shmop-8.0.30-150400.4.46.1
* php8-fpm-debuginfo-8.0.30-150400.4.46.1
* php8-snmp-debuginfo-8.0.30-150400.4.46.1
* php8-sockets-debuginfo-8.0.30-150400.4.46.1
* php8-fpm-8.0.30-150400.4.46.1
* php8-pgsql-8.0.30-150400.4.46.1
* php8-xmlreader-8.0.30-150400.4.46.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.46.1
* php8-ldap-debuginfo-8.0.30-150400.4.46.1
* php8-openssl-debuginfo-8.0.30-150400.4.46.1
* php8-embed-8.0.30-150400.4.46.1
* php8-snmp-8.0.30-150400.4.46.1
* Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* php8-cli-debuginfo-8.0.30-150400.4.46.1
* php8-ftp-8.0.30-150400.4.46.1
* php8-tokenizer-8.0.30-150400.4.46.1
* php8-test-8.0.30-150400.4.46.1
* php8-bz2-8.0.30-150400.4.46.1
* php8-fileinfo-8.0.30-150400.4.46.1
* php8-curl-8.0.30-150400.4.46.1
* php8-fpm-debugsource-8.0.30-150400.4.46.1
* php8-calendar-8.0.30-150400.4.46.1
* php8-gettext-debuginfo-8.0.30-150400.4.46.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.46.1
* php8-bcmath-debuginfo-8.0.30-150400.4.46.1
* php8-xmlwriter-8.0.30-150400.4.46.1
* php8-sqlite-debuginfo-8.0.30-150400.4.46.1
* php8-shmop-debuginfo-8.0.30-150400.4.46.1
* php8-debuginfo-8.0.30-150400.4.46.1
* php8-odbc-debuginfo-8.0.30-150400.4.46.1
* php8-pdo-8.0.30-150400.4.46.1
* php8-zip-debuginfo-8.0.30-150400.4.46.1
* php8-sysvmsg-8.0.30-150400.4.46.1
* php8-bz2-debuginfo-8.0.30-150400.4.46.1
* php8-8.0.30-150400.4.46.1
* php8-embed-debuginfo-8.0.30-150400.4.46.1
* php8-openssl-8.0.30-150400.4.46.1
* php8-gd-8.0.30-150400.4.46.1
* php8-tidy-8.0.30-150400.4.46.1
* php8-pcntl-debuginfo-8.0.30-150400.4.46.1
* php8-sysvsem-8.0.30-150400.4.46.1
* php8-odbc-8.0.30-150400.4.46.1
* php8-ctype-debuginfo-8.0.30-150400.4.46.1
* php8-embed-debugsource-8.0.30-150400.4.46.1
* php8-gd-debuginfo-8.0.30-150400.4.46.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.46.1
* php8-zlib-8.0.30-150400.4.46.1
* php8-dom-8.0.30-150400.4.46.1
* php8-mbstring-debuginfo-8.0.30-150400.4.46.1
* php8-readline-8.0.30-150400.4.46.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.46.1
* php8-sqlite-8.0.30-150400.4.46.1
* php8-soap-8.0.30-150400.4.46.1
* php8-pdo-debuginfo-8.0.30-150400.4.46.1
* php8-iconv-debuginfo-8.0.30-150400.4.46.1
* php8-mysql-8.0.30-150400.4.46.1
* php8-cli-8.0.30-150400.4.46.1
* php8-ftp-debuginfo-8.0.30-150400.4.46.1
* php8-devel-8.0.30-150400.4.46.1
* php8-debugsource-8.0.30-150400.4.46.1
* php8-intl-debuginfo-8.0.30-150400.4.46.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.46.1
* php8-posix-8.0.30-150400.4.46.1
* php8-xmlwriter-debuginfo-8.0.30-150400.4.46.1
* php8-phar-8.0.30-150400.4.46.1
* php8-dom-debuginfo-8.0.30-150400.4.46.1
* php8-sodium-debuginfo-8.0.30-150400.4.46.1
* php8-soap-debuginfo-8.0.30-150400.4.46.1
* php8-intl-8.0.30-150400.4.46.1
* php8-pgsql-debuginfo-8.0.30-150400.4.46.1
* php8-iconv-8.0.30-150400.4.46.1
* php8-gmp-debuginfo-8.0.30-150400.4.46.1
* php8-dba-debuginfo-8.0.30-150400.4.46.1
* php8-calendar-debuginfo-8.0.30-150400.4.46.1
* php8-fastcgi-debugsource-8.0.30-150400.4.46.1
* php8-zlib-debuginfo-8.0.30-150400.4.46.1
* php8-xsl-8.0.30-150400.4.46.1
* apache2-mod_php8-8.0.30-150400.4.46.1
* php8-exif-debuginfo-8.0.30-150400.4.46.1
* php8-mysql-debuginfo-8.0.30-150400.4.46.1
* php8-opcache-8.0.30-150400.4.46.1
* php8-curl-debuginfo-8.0.30-150400.4.46.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.46.1
* php8-sockets-8.0.30-150400.4.46.1
* php8-tidy-debuginfo-8.0.30-150400.4.46.1
* php8-exif-8.0.30-150400.4.46.1
* php8-xsl-debuginfo-8.0.30-150400.4.46.1
* php8-zip-8.0.30-150400.4.46.1
* php8-enchant-8.0.30-150400.4.46.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.46.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.46.1
* php8-readline-debuginfo-8.0.30-150400.4.46.1
* php8-pcntl-8.0.30-150400.4.46.1
* php8-ctype-8.0.30-150400.4.46.1
* php8-dba-8.0.30-150400.4.46.1
* php8-ldap-8.0.30-150400.4.46.1
* php8-bcmath-8.0.30-150400.4.46.1
* php8-posix-debuginfo-8.0.30-150400.4.46.1
* php8-mbstring-8.0.30-150400.4.46.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.46.1
* php8-phar-debuginfo-8.0.30-150400.4.46.1
* php8-opcache-debuginfo-8.0.30-150400.4.46.1
* php8-gmp-8.0.30-150400.4.46.1
* php8-sysvshm-8.0.30-150400.4.46.1
* php8-fastcgi-8.0.30-150400.4.46.1
* php8-gettext-8.0.30-150400.4.46.1
* php8-sodium-8.0.30-150400.4.46.1
* php8-enchant-debuginfo-8.0.30-150400.4.46.1
* php8-shmop-8.0.30-150400.4.46.1
* php8-fpm-debuginfo-8.0.30-150400.4.46.1
* php8-snmp-debuginfo-8.0.30-150400.4.46.1
* php8-sockets-debuginfo-8.0.30-150400.4.46.1
* php8-fpm-8.0.30-150400.4.46.1
* php8-pgsql-8.0.30-150400.4.46.1
* php8-xmlreader-8.0.30-150400.4.46.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.46.1
* php8-ldap-debuginfo-8.0.30-150400.4.46.1
* php8-openssl-debuginfo-8.0.30-150400.4.46.1
* php8-embed-8.0.30-150400.4.46.1
* php8-snmp-8.0.30-150400.4.46.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8925.html
* https://www.suse.com/security/cve/CVE-2024-8927.html
* https://www.suse.com/security/cve/CVE-2024-9026.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231358
* https://bugzilla.suse.com/show_bug.cgi?id=1231360
* https://bugzilla.suse.com/show_bug.cgi?id=1231382



SUSE-SU-2024:3661-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3661-1
Release Date: 2024-10-16T13:33:42Z
Rating: important
References:

* bsc#1223683
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3661=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3661=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-3-150300.7.6.1
* kernel-livepatch-SLE15-SP3_Update_45-debugsource-3-150300.7.6.1
* kernel-livepatch-5_3_18-150300_59_164-default-3-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-3-150300.7.6.1
* kernel-livepatch-5_3_18-150300_59_164-preempt-3-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_164-default-3-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573