SUSE-IU-2022:800-1 SUSE Image security@suse.de SUSE Security Team SUSE Image SUSE-IU-2022:800-1 Interim 1 1 2023-05-09T06:26:12Z current 2022-07-16T01:00:00Z 2022-07-16T01:00:00Z cve-database/bin/generate-cvrf-publiccloud.pl 2021-02-18T01:00:00Z Image update for SUSE-IU-2022:800-1 / google/sles-15-sp1-sap-byos-v20220716-x86-64 This image update for google/sles-15-sp1-sap-byos-v20220716-x86-64 contains the following changes: Package SAPHanaSR was updated: - Version bump to 0.155.0- Add systemd support for the resource agent to interact with the new SAP unit files for sapstartsrv. As the new version of the SAP Startup Framework will use systemd unit files to control the sapstartsrv process instead of the previous used SysV init script, we need to adapt the handling of sapstartsrv inside the resource agents to support both ways. (bsc#1189530, bsc#1189531) - The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop'. We will use 95% of this action timeouts to calculate the new resource start and stop timeout for the 'WaitforStarted' and 'WaitforStopped' functions. If the new, calculated timeout value is less than '3600', it will be set to '3600', so that we do not decrease this timeout by accident (bsc#1182545) - change promotion scoring during maintenance procedure to prevent that both sides have an equal promotion scoring after refresh which might result in a critical promotion of the secondary. (bsc#1174557) - update of man page SAPHanaSR.py.7 - correct the supported HANA version. (bsc#1182201) - if the $hdbState command fails to retrieve the current state of the System Replication, the resource agent now uses the system_replication/actual_mode attribute (if available) from the global.ini file as a fallback. This should prevent some confusing and misleading log messages during a takeover and solves the problem of a not working takeover back (after a successful first takeover) (bsc#1181765) - add dedicated logging of HANA_CALL problems. So it will be now possible to identify, if the called hana command or the needed su command throws the error and for further hints we log the stderr output. Additional it is possible to get regular log messages for the used commands, their return code and their stderr output by enabling the 'debug' mode of the resource agents. (bsc#1182774) Package aaa_base was updated: - fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to allow ICMP ping - added patches + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch - Port change from Thu Sep 30 08:51:55 UTC 2022 forword to current version which includes a rename of patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch to git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch as otherwise autopatch macro does not work anymore - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library. This is done with the patches * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch before the changed patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch rename it to git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch and also add the patches * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch Package augeas was updated: - add augeas-sysctl_parsing.patch (bsc#1197443) * backport original patch and rebase - support new chrony 4.1 options (jsc#SLE-17334) augeas-new_options_for_chrony.patch Package autofs was updated: - autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch Fix problem with quote handling (bsc#1181715) - 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch Fix locking problem that causes deadlock when sss used. (bsc#1196485) - 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch Suppress portmap calls when port explicitly given (bsc#1195697) Package avahi was updated: - Downgrade python3-Twisted to a Recommends. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282). - Add avahi-bookmarks-import-warning.patch: fix warning when twisted is not available. - Replace avahi-0.6.31-systemd-order.patch with avahi-add-resolv-conf-to-inotify.patch: re-read configuration when resolv.conf changes, per discussion on the bug (boo#1194561). - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614). - Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). This can probably go away if/when gh#lathiat/avahi#118 is fixed. - Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should no longer need this given the above patch. - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (boo#1179060). Package bind was updated: - When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch] Package binutils was updated: - For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) Adds binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff . - Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem in crash not accepting some of our .ko.debug files. - Add binutils-revert-rela.diff to revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] Package cifs-utils was updated: - CVE-2022-27239: mount.cifs: fix length check for ip option parsing; (bsc#1197216) (bso#15025); CVE-2022-27239. * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch Package cloud-regionsrv-client was updated: - Update to version 10.0.3 (bsc#1198389) - Descend into the extension tree even if top level module is recommended - Cache license state for AHB support to detect type switch - Properly clean suse.com credentials when switching from SCC to update infrastructure - New log message to indicate base product registration success - Update to version 10.0.2 + Fix name of logfile in error message + Fix variable scoping to properly detect registration error + Cleanup any artifacts on registration failure + Fix latent bug with /etc/hosts population + Do not throw error when attemting to unregister a system that is not registered + Skip extension registration if the extension is recommended by the baseproduct as it gets automatically installed - Update to version 10.0.1 (bsc#1197113) + Provide status feedback on registration, success or failure + Log warning message if data provider is configured but no data can be retrieved - Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564) + The repo enablement timer cannot depend on guestregister.service - Update -addon-azure to 1.0.2 (bsc#1196305) + The is-registered() function expects a string of the update server FQDN. The regionsrv-enabler-azure passed an Object of type SMT. Fix the call in regionsrv-enabler-azure. - Update -plugin-azure to 2.0.0 (bsc#1196146) + Lower case the region hint to reduce issues with Azure region name case inconsistencies - Update to version 10.0.0 (bsc#1195414, bsc#1195564) + Refactor removes check_registration() function in utils implementation + Only start the registration service for PAYG images - addon-azure sub-package to version 1.0.1 Package cluster-glue was updated: - Requesting cluster-glue bugfix (bsc#1197681) * Add upstream patch: 0002-bugfix-for-comment-in-external-ec2.patch - (jsc#SLE-23490) (jsc#SLE-23491) (jsc#SLE-23492) (jsc#SLE-23494) IMDSv2 support in ec2 stonith agent * add upstream patch: 0001-Update-external-ec2-to-support-IMDSv2.patch Package containerd was updated: - Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements of Docker v20.10.17-ce. bsc#1200145 - Remove upstreamed patches: - bsc1200145-Limit-the-response-size-of-ExecSync.patch [ This patch was only released in SLES and Leap. ] - Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145 + bsc1200145-Limit-the-response-size-of-ExecSync.patch - Update to containerd v1.5.12. Upstream release notes: &lt;https://github.com/containerd/containerd/releases/tag/v1.5.12&gt; - Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517 - Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441 - Remove upstreamed patch: - CVE-2022-23648.patch [ This patch was only released in SLES and Leap. ] - Add patch for CVE-2022-23648. bsc#1196441 + CVE-2022-23648.patch - Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814 bsc#1193273 CVE-2021-41190 - Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355 - Switch to Go 1.16.x compiler, in line with upstream. Package coreutils was updated: - coreutils-df-fuse-portal-dummy.patch: df: Add &quot;/fuse.portal&quot;/ as a dummy file system (used in flatpak implementations). (bsc#1189152) Package crmsh was updated: - Update to version 4.3.1+20220505.cf4ab649: * Fix: hb_report: Read data in a save way, to avoid UnicodeDecodeError (bsc#1198180) * Dev: ocfs2: Fix running ocfs2 stage on cluster with diskless-sbd * Fix: ui_configure: Give a deprecated warning when using &quot;/ms&quot;/ subcommand (bsc#1194125) * Fix: xmlutil: Parse promotable clone correctly and also consider compatibility (bsc#1194125) * Fix: bootstrap: Change default transport type as udpu(unicast) (bsc#1132375) - Update to version 4.3.1+20220321.bd33abac: * Dev: Parametrize the log dir * medium: utils: update detect_cloud pattern for aws (bsc#1197351) * Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4 (bsc#1196726) * Fix: sbd: not overwrite SYSCONFIG_SBD and sbd-disk-metadata if input 'n'(bsc#1194870) * Fix: crash_test: Adjust help output of 'crm cluster crash_test -h'(bsc#1194615) * Fix: bootstrap: Change log info when need to change user login shell (bsc#1194026) Package cups was updated: - cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691 cups: authentication bypass and code execution (bsc#1199474) - SUSE_bsc_1189517.patch is https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79 which belongs to https://github.com/apple/cups/issues/5288 that fixes bsc#1189517 &quot;/cups printservice takes much longer than before with a big number of printers&quot;/ see in particular https://github.com/apple/cups/issues/5288#issuecomment-921626381 - SUSE_bsc_1195115.patch is https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44 which belongs to https://github.com/apple/cups/issues/5538 that fixes bsc#1195115 &quot;/CUPS PreserveJobHistory doesn't work with seconds&quot;/ Package cyrus-sasl was updated: - CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036) o add upstream patch: 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch Package cyrus-sasl-saslauthd was updated: - CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036) o add upstream patch: 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch Package dhcp was updated: Package docker was updated: - Update to Docker 20.10.17-ce. See upstream changelog online at &lt;https://docs.docker.com/engine/release-notes/#201017&gt;. bsc#1200145 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch - Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191. bsc#1193930 bsc#1197284 * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch - Update to Docker 20.10.14-ce. See upstream changelog online at &lt;https://docs.docker.com/engine/release-notes/#201014&gt;. bsc#1197517 CVE-2022-24769 - Update to Docker 20.10.12-ce. See upstream changelog online at &lt;https://docs.docker.com/engine/release-notes/#201012&gt;. - Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the changelogs are currently only available online. - Update to Docker 20.10.11-ce. See upstream changelog online at &lt;https://docs.docker.com/engine/release-notes/#201011&gt;. bsc#1192814 bsc#1193273 CVE-2021-41190 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch - Remove upstreamed patches: - 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch - Update to Docker 20.10.9-ce. See upstream changelog online at &lt;https://docs.docker.com/engine/release-notes/#20109&gt;. bsc#1191355 CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434 CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121 - Update to Docker 20.10.6-ce. See upstream changelog online at &lt;https://docs.docker.com/engine/release-notes/#20106&gt;. bsc#1184768 - Update to Docker 20.10.5-ce. See upstream changelog online at &lt;https://docs.docker.com/engine/release-notes/#20105&gt;. bsc#1182947 Package dracut was updated: - fix kernel name parsing in purge-kernels script (bsc#1199453)- 95nfs: fix nfsroot option parsing (bsc#1003872) * add 0631-nfsroot-follow-ifcfg-settings-for-boot-protocol.patch * add 0632-95nfs-look-in-nfs-mount-options-for-nfs-server-ip-bs.patch - fix(shutdown): add timeout to umount calls (bsc#1178219) * add 0629-shutdown-sleep-a-little-if-a-process-was-killed.patch * add 0630-fix-shutdown-add-timeout-to-umount-calls.patch - fix setup errors in net-lib.sh due to premature did-setup in ifup.sh (bsc#1175102) * add 0628-ifup.sh-fix-did-setup-logic-and-dhcp-return-value.patch Package e2fsprogs was updated: - libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add sanity check to extent manipulation (bsc#1198446 CVE-2022-1304) - libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support for libreadline.so.7 for Leap 15.3 (bsc#1196939) Package expat was updated: - Security fixes: * (CVE-2022-25236, bsc#1196784) [&gt;=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict - Added expat-CVE-2022-25236-relax-fix.patch - Security fixes: * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs - Added expat-CVE-2022-25236.patch * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before 2.4.5 does not check whether a UTF-8 character is valid in a certain context. - Added expat-CVE-2022-25235.patch * (CVE-2022-25313, bsc#1196168) Stack exhaustion in build_model() via uncontrolled recursion - Added expat-CVE-2022-25313.patch - The fix upstream introduced a regression that was later amended in 2.4.6 version + Added expat-CVE-2022-25313-fix-regression.patch * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString - Added expat-CVE-2022-25314.patch * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames - Added expat-CVE-2022-25315.patch - Security fix (CVE-2022-23852, bsc#1195054) * Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES * Add tests for CVE-2022-23852. * Added expat-CVE-2022-23852.patch - Security fix (CVE-2022-23990, bsc#1195217) * Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). * Add expat-CVE-2022-23990.patch * Added expat-CVE-2022-22827.patch Package fence-agents was updated: - fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 broken in GCP due to missing &quot;/--zone&quot;/ parameter (bsc#1198872) - Apply proposed patch 0001-fence_gce-Make-zone-optional-for-get_nodes_list-487.patch - (bsc#1196350) fence_gce updates pull from Clusterlabs repo - Apply proposed upstream patch 0001-fence_gce-Add-timeouts-and-failure-options-458.patch Package filesystem was updated: Package gcc11 was updated: - Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] - Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635 * includes gcc11-pr104931.patch * includes fix for Firefox ICE [gcc#105256] - Add provides/conflicts to glibc crosses since only one GCC version for the same target can be installed at the same time. - Add provides/conflicts to libgccjit. - Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406 * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] - Add gcc11-pr104931.patch to fix miscompile of embedded premake in 0ad on i586. [bsc#1197065] - drop armv5tel, merge arm and armv6hl - use --with-cpu rather than specifying --with-arch/--with-tune - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recoomends. - Remove sys/rseq.h from include-fixed - Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173 * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [boo#1193659] - Enable the cross compilers also on i586 - Enable some cross compilers also in rings - Remove cross compilers for i386 target - Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018 * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [boo#1192951] - Package mwaitintrin.h - Remove spurious exit from change_spec. - Enable the full cross compiler, cross-aarch64-gcc11 and cross-riscv64-gcc11 now provide a fully hosted C (and C++) cross compiler, not just a freestanding one. I.e. with a cross glibc. They don't yet support the sanitizer libraries. Part of [jsc#OBS-124]. Package glibc was updated: - pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock stalls (bsc#1195560, BZ #23844) - clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create for &quot;/unix&quot;/ (CVE-2022-23219, bsc#1194768, BZ #22542) - svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create (CVE-2022-23218, bsc#1194770, BZ #28768) - getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999, bsc#1194640, BZ #28769) - pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163) Package google-guest-agent was updated: - Update to version 20220204.00 (bsc#1195437, bsc#1195438) * remove han from owners (#154) * Remove extra slash from metadata URL. (#151) - from version 20220104.00 * List IPv6 routes (#150) - from version 20211228.00 * add add or remove route integration test, utils (#147) - from version 20211214.00 * add malformed ssh key unit test (#142) - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * dont duplicate logs (#146) * Add WantedBy network dependencies to google-guest-agent service (#136) * dont try dhcpv6 when not needed (#145) * Integration tests: instance setup (#143) * Integration test: test create and remove google user (#128) * handle comm errors in script runner (#140) * enforce script ordering (#138) * enable ipv6 on secondary interfaces (#133) - from version 20211103.00 * Integration tests: instance setup (#143) - from version 20211027.00 * Integration test: test create and remove google user (#128) - Update to version 20211019.00 * handle comm errors in script runner (#140) - from version 20211015.00 * enforce script ordering (#138) - from version 20211014.00 * enable ipv6 on secondary interfaces (#133) - from version 20211013.00 * dont open ssh tempfile exclusively (#137) - from version 20211011.00 * correct linux startup script order (#135) * Emit sshable attribute (#123) - from version 20210908.1 * restore line (#127) - from version 20210908.00 * New integ test (#124) - from version 20210901.00 * support enable-oslogin-sk key (#120) * match script logging to guest agent (#125) - from version 20210804.00 * Debug logging (#122) - Refresh patches for new version * dont_overwrite_ifcfg.patch - Build with go1.15 for reproducible build results (boo#1102408) - Update to version 20210707.00 * Use IP address for calling the metadata server. (#116) - from version 20210629.00 * use IP for MDS (#115) - Update to version 20210603.00 * systemd-notify in agentInit (#113) * dont check status (#112) - from version 20210524.00 * more granular service restarts (#111) - from version 20210414.00 * (no functional changes) Package google-guest-configs was updated: - Update to version 20220211.00 (bsc#1195437, bsc#1195438) * Set NVMe-PD IO timeout to 4294967295. (#32) - Add missing pkg-config dependency to BuildRequires for SLE-12 - Install modprobe configuration files into /etc again on SLE-15-SP2 and older since that's stil the default location on these distributions - Probe udev directory using the &quot;/udevdir&quot;/ pkg-config variable on SLE-15-SP2 and older since the variable got renamed to &quot;/udev_dir&quot;/ in later versions - Remove redundant pkgconfig(udev) from BuildRequires for SLE-12 - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field only looks for the last digit of the given string causing issues when there are &gt;= 10 local SSDs. Changed REGEX to get the last number of the string instead to support the up to 24 local SSDs. (#30) * chmod+x google_nvme_id on EL (#31) - Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue - Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653) - Update to version 20210916.00 * Revert &quot;/dont set IP in etc/hosts; remove rsyslog (#26)&quot;/ (#28) - from version 20210831.00 * restore rsyslog (#27) - from version 20210830.00 * Fix NVMe partition names (#25) - from version 20210824.00 * dont set IP in etc/hosts; remove rsyslog (#26) * update OWNERS - Use %_modprobedir for modprobe.d files (out of /etc) - Use %_sysctldir for sysctl.d files (out of /etc) - Update to version 20210702.00 * use grep for hostname check (#23) - from version 20210629.00 * address set_hostname vuln (#22) - from version 20210324.00 * dracut.conf wants spaces around values (#19) Package google-guest-oslogin was updated: - Update to version 20220205.00 (bsc#1195437, bsc#1195438) * Fix build for EL9. (#82) - from version 20211213.00 * Reauth error (#81) - Rename Source0 field to Source - Update URL in Source field to point to upstream tarball - Update to version 20211013.00 (bsc#1193257, bsc#1193258) * remove deprecated binary (#79) - from version 20211001.00 * no message if no groups (#78) - from version 20210907.00 * use sigaction for signals (#76) - from version 20210906.00 * include cstdlib for exit (#75) * catch SIGPIPE in authorized_keys (#73) - from version 20210805.00 * fix double free in ParseJsonToKey (#70) - from version 20210804.00 * fix packaging for authorized_keys_sk (#68) * add authorized_keys_sk (#66) - Add google_authorized_keys_sk to %files section - Remove google_oslogin_control from %files section Package google-osconfig-agent was updated: - Update to version 20220209.00 (bsc#1195437, bsc#1195438) * Update licences, remove deprecated centos-8 tests (#414) - Update to version 20220204.00 * Add DisableLocalLogging option (#413) - from version 20220107.00 * OS assignment example: Copy file from bucket - Update to version 20211117.00 (bsc#1193257, bsc#1193258) * Add retry logic for RegisterAgent (#404) - from version 20211111.01 * e2e_test: drop ubuntu 1604 image as its EOL (#403) - from version 20211111.00 * e2e_test: move to V1 api for OSPolicies (#397) - from version 20211102.00 * Fix context logging and fix label names (#400) - from version 20211028.00 * Add cloudops example for gcloud (#399) - Update to version 20211021.00 * Added patch report logging for Zypper. (#395) - from version 20211012.00 * Replace deprecated instance filters with the new filters (#394) - from version 20211006.00 * Added patch report log messages for Yum and Apt (#392) - from version 20210930.00 * Config: Add package info caching (#391) - from version 20210928.00 * Fixed the runWithPty function to set ctty to child's filedesc (#389) - from version 20210927.00 * e2e_tests: fix a test output mismatch (#390) - from version 20210924.00 * Fix some e2e test failures (#388) - from version 20210923.02 * Correctly check for folder existance in package upgrade (#387) - from version 20210923.01 * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386) - from version 20210923.00 * Deprecate old config directory in favor of new cache directory (#385) - from version 20210922.02 * Fix rpm/deb package formating for inventory reporting (#384) - from version 20210922.01 * Add centos stream rocky linux and available package tests (#383) - from version 20210922.00 * Add more info logs, actually cleanup unmanaged repos (#382) - from version 20210901.00 * Add E2E tests for Windows Application (#379) * Return lower-case package name (#377) * Update Terraform scripts for multi-project deployments tutorial. (#378) - from version 20210811.00 * Support Windows Application Inventory (#371) - from version 20210723.00 * Send basic inventory with RegisterAgent (#373) - from version 20210722.1 * e2e_tests: move to manually generated osconfig library (#372) - from version 20210722.00 * Create OWNERS file for examples directory (#368) - from version 20210719.00 * Update Zypper patch info parsing (#370) - Build with go1.15 for reproducible build results (boo#1102408) - Update to version 20210712.1 * Skip getting patch info when no patches are found. (#369) - from version 20210712.00 * Add Terraform scripts for multi-project deployments (#367) - from version 20210709.00 * Add examples/Terraform directory. (#366) - from version 20210707.00 * Fix bug in printing packages to update, return error for zypper patch (#365) - from version 20210629.00 * Add CloudOps examples for CentOS (#364) - Update to version 20210621.00 * chore: Fixing a comment. (#363) - from version 20210617.00 * Use exec.CommandContext so that canceling the context also kills any running processes (#362) - from version 20210608.1 * e2e_tests: point to official osconfig client library (#359) - from version 20210608.00 * e2e_tests: deflake tests (#358) - from version 20210607.00 * Fix build on some architectures (#357) - from version 20210603.00 * Create win-validation-powershell.yaml (#356) - from version 20210602.00 * Agent efficiency improvements/bugfixes/logging updates (#355) * e2e_tests: add tests for ExecResource output (#354) - from version 20210525.00 * Run fieldalignment on all structs (#353) - from version 20210521.00 * Config Task: add error message and ExecResource output recording (#350) * e2e_tests: remove Windows server 1909 and add server 20h2 (#352) * Added a method for logging structured data (#349) Package grep was updated: Package grub2 was updated: - Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) * 0001-video-Remove-trailing-whitespaces.patch * 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch * 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch * 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch * 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch * 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch * 0007-loader-efi-chainloader-Simplify-the-loader-state.patch * 0008-commands-boot-Add-API-to-pass-context-to-loader.patch - Fix CVE-2022-28736 (bsc#1198496) * 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch * 0010-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch * 0011-video-readers-png-Abort-sooner-if-a-read-operation-f.patch * 0012-video-readers-png-Refuse-to-handle-multiple-image-he.patch - Fix CVE-2021-3695 (bsc#1191184) * 0013-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - Fix CVE-2021-3696 (bsc#1191185) * 0014-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch * 0015-video-readers-png-Sanity-check-some-huffman-codes.patch * 0016-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch * 0017-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch * 0018-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - Fix CVE-2021-3697 (bsc#1191186) * 0019-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch * 0020-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - Fix CVE-2022-28733 (bsc#1198460) * 0021-net-ip-Do-IP-fragment-maths-safely.patch * 0022-net-netbuff-Block-overly-large-netbuff-allocs.patch * 0023-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch * 0024-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch * 0025-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch * 0026-net-tftp-Avoid-a-trivial-UAF.patch * 0027-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - Fix CVE-2022-28734 (bsc#1198493) * 0028-net-http-Fix-OOB-write-for-split-http-headers.patch - Fix CVE-2022-28734 (bsc#1198493) * 0029-net-http-Error-out-on-headers-with-LF-without-CR.patch * 0030-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch * 0031-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch * 0032-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch * 0033-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - Update SBAT security contact (boo#1193282) - Bump grub's SBAT generation to 2 Package gzip was updated: - Add hardening for zgrep (CVE-2022-1271, bsc#1198062) * bsc1198062-2.patch - Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062) * bsc1198062.patch - fix DFLTCC segfault [bsc#1177047] - added patches fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc + gzip-1.10-fix-DFLTCC-segfault.patch - gzip.spec: move %patch10 from the ifarch condition (mistake) - add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count of lines to skip [bsc#1180713] Package icewm was updated: - Add icewm-build-with-glib2-ver-gt-2.67.3.patch: A later glib2 update will cause icewm failed to build by including gdk-pixbuf-xlib with extern &quot;/C&quot;/ annotation: https://gitlab.gnome.org/GNOME/glib/-/commit/51003d409bb4b6c9a8540f70b92f8045abc4f0c9?merge_request_iid=1715 The patch aims to remove the annotation caused the issue (bsc#1197729). Package icewm-theme-branding was updated: - Add fix-font-configuration.patch: Fix font configuration after google-droid-fonts update (boo#1195328 bsc#1196336) Package java-1_8_0-ibm was updated: - Update to Java 8.0 Service Refresh 7 Fix Pack 5 [bsc#1197126] * https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities [bsc#1194927, CVE-2022-21366] [bsc#1194928, CVE-2022-21365] [bsc#1194929, CVE-2022-21360] [bsc#1196500, CVE-2022-21349] [bsc#1194941, CVE-2022-21341] [bsc#1194940, CVE-2022-21340] [bsc#1194939, CVE-2022-21305] [bsc#1194930, CVE-2022-21277] [bsc#1194931, CVE-2022-21299] [bsc#1194932, CVE-2022-21296] [bsc#1194933, CVE-2022-21282] [bsc#1194934, CVE-2022-21294] [bsc#1194935, CVE-2022-21293] [bsc#1194925, CVE-2022-21291] [bsc#1194937, CVE-2022-21283] [bsc#1194926, CVE-2022-21248] [CVE-2022-21271] - Fix a javaws broken symlink [bsc#1195146] Package kernel-default was updated: - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 8d500b6 - CVE Mitigation for CVE-2022-29900 and CVE-2022-29901 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 990c27e - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 88cae65 - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 49afa38 - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit d58a5f9 - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9d772ad - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9aba172 - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit c4b1320 - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 332556a - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ea6a39c - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 706af70 - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 950f542 - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 27f8099 - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 7e307c4 - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5046541 - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit fa5358c - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit d3f062a - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 8f092e0 - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b6e5484 - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b304339 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit c646fc1 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5f29932 - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit f342d5f - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit a59060d - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 76624c2 - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit d794a09 - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 0fb27b4 - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 0c72f74 - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit eb2a592 - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 613a553 - x86: Add straight-line-speculation mitigation (bsc#1201050 CVE-2021-26341). - Update config files. - Refresh patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch. - commit 174d972 - x86: Prepare inline-asm for straight-line-speculation (bsc#1201050 CVE-2021-26341). - commit d7ff49d - x86: Prepare asm files for straight-line-speculation (bsc#1201050 CVE-2021-26341). - commit 54330c9 - x86/lib/atomic64_386_32: Rename things (bsc#1201050 CVE-2021-26341). - commit 69fe20b - net: Rename and export copy_skb_header (bsc#1200762, CVE-2022-33741, XSA-403). - commit 5e3ad99 - net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318 bsc#1201251). - commit 6ad5c1f - xen/netfront: force data bouncing when backend is untrusted (bsc#1200762, CVE-2022-33741, XSA-403). - commit 459e62a - xen/netfront: fix leaking data in shared pages (bsc#1200762, CVE-2022-33740, XSA-403). - commit b225a00 - xen/blkfront: force data bouncing when backend is untrusted (bsc#1200762, CVE-2022-33742, XSA-403). - commit 8bcc9cd - xen/blkfront: fix leaking data in shared pages (bsc#1200762, CVE-2022-26365, XSA-403). - commit f3412de - sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154 bsc#1200599). - commit c46afe6 - sctp: use call_rcu to free endpoint (CVE-2022-20154 bsc#1200599). - commit 3cb182d - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679 bsc#1199487). - commit 2c5abda - exec: Force single empty string when argv is empty (bsc#1200571). - commit 4ee3bdd - HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619). - HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132 bsc#1200619). - HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132 bsc#1200619). - HID: add USB_HID dependancy on some USB HID drivers (CVE-2022-20132 bsc#1200619). - HID: check for valid USB device for many HID drivers (CVE-2022-20132 bsc#1200619). - HID: add hid_is_usb() function to make it simpler for USB detection (CVE-2022-20132 bsc#1200619). - HID: introduce hid_is_using_ll_driver (CVE-2022-20132 bsc#1200619). - commit fb86cdd - igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604 CVE-2022-20141). - commit 5040a6d - floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836). - Update config files. - commit 9af4e3a - add mainline tag for a pci-hyperv change - commit ec21422 - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - commit 996513e - certs: Add EFI_CERT_X509_GUID support for dbx entries (bsc#1177282 CVE-2020-26541). - Update config files. - commit 8948ca7 - NFC: netlink: fix sleep in atomic bug when firmware download timeout (CVE-2022-1975 bsc#1200143). - commit a8211d8 - nfc: replace improper check device_is_registered() in netlink related functions (CVE-2022-1974 bsc#1200144). - commit d539b18 - KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/bugs: Group MDS, TAA &amp; Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - Refresh patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch. - Refresh patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch. - commit ce3858c - btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266). - commit 7762823 - btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent() (CVE-2019-19377 bsc#1158266). - commit fa0dbe1 - perf: Fix sys_perf_event_open() race against self (CVE-2022-1729, bsc#1199507). - commit fc77f1c - ext4: avoid cycles in directory h-tree (bsc#1198577 CVE-2022-1184). - commit ec51c1b - ext4: verify dir block before splitting it (bsc#1198577 CVE-2022-1184). - commit 97bfb10 - debug: Lock down kgdb (bsc#1199426 CVE-2022-21499). - commit 1cd17a0 - Update patch reference for ACPI fix (CVE-2017-13695 bsc#1055710) - commit e74f546 - floppy: use a statically allocated error counter (bsc#1199063 CVE-2022-1652). - commit 7173277 - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734 bsc#1199605). - commit d9ccce0 - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - commit d95d9f9 - bpf: fix panic due to oob in bpf_prog_test_run_skb (bsc#1197219, CVE-2021-39711). - commit 51bae76 - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413). - commit 26d8e0b - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (bsc#1195612 CVE-2022-24448). - commit dd7b1a9 - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - commit 8ae9239 - Fix kernel-vanilla build issue Fix: [ 315s] CC [M] fs/fat/namei_vfat.o [ 315s] CC kernel/elfcore.o [ 315s] ../scripts/Makefile.build:302: recipe for target 'kernel/elfcore.o' failed [ 315s] Cannot find symbol for section 1: .text. [ 315s] kernel/elfcore.o: failed [ 315s] make[3]: *** [kernel/elfcore.o] Error 1 due to toolchain updates and the patch missing in the vanilla flavor. So move it there. - commit 23d6a8f - series.conf: cleanup - Move submitted patch to &quot;/sorted&quot;/ section patches.suse/0001-SUNRPC-change-locking-for-xs_swap_enable-disable.patch - commit be6432c - ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061). - ixgbe: add improvement for MDD response functionality (bsc#1196426 CVE-2021-33061). - ixgbe: add the ability for the PF to disable VF link state (bsc#1196426 CVE-2021-33061). - commit 7ca9841 - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - commit 6d129df - net/x25: Fix null-ptr-deref caused by x25_disconnect (CVE-2022-1516 bsc#1199012). - commit 70361a9 - net: ena: Extract recurring driver reset code into a function (bsc#1198777). - net: ena: Change the name of bad_csum variable (bsc#1198777). - net: ena: Add debug prints for invalid req_id resets (bsc#1198777). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777). - net: ena: Move reset completion print to the reset function (bsc#1198777). - net: ena: Remove redundant return code check (bsc#1198777). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198777). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198777). - net: ena: Fix wrong rx request id by resetting device (bsc#1198777). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777). - net: ena: re-organize code to improve readability (bsc#1198777). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777). - net: ena: aggregate doorbell common operations into a function (bsc#1198777). - net: ena: Remove module param and change message severity (bsc#1198777). - net: ena: add jiffies of last napi call to stats (bsc#1198777). - net: ena: use build_skb() in RX path (bsc#1198777). - net: ena: Improve error logging in driver (bsc#1198777). - net: ena: Remove unused code (bsc#1198777). - net: ena: optimize data access in fast-path code (bsc#1198777). - net: ena: fix DMA mapping function issues in XDP (bsc#1198777). - net: ena: remove extra words from comments (bsc#1198777). - net: ena: fix inaccurate print type (bsc#1198777). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198777). - net: ena: Update XDP verdict upon failure (bsc#1198777). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777). - net: ena: introduce XDP redirect implementation (bsc#1198777). - net: ena: use xdp_frame in XDP TX flow (bsc#1198777). - net: ena: aggregate stats increase into a function (bsc#1198777). - net: ena: fix coding style nits (bsc#1198777). - net: ena: store values in their appropriate variables types (bsc#1198777). - net: ena: add device distinct log prefix to files (bsc#1198777). - net: ena: use constant value for net_device allocation (bsc#1198777). - commit 88bd8e8 - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777). - Refresh patches.suse/net-ena-add-pci-shutdown-handler-to-allow-safe-kexec.patch. - commit f6aa8e4 - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321 bsc#1191647). - commit 3e23b63 - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - commit b075c9d - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - commit 539ea3d - net-sysfs: call dev_hold if kobject_init_and_add success (CVE-2019-20811 bsc#1172456). - commit 5de8a61 - Update patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch (bsc#1196018 CVE-2022-28748). - commit 25ea790 - Update patches.suse/floppy-Do-not-copy-a-kernel-pointer-to-user-memory-i.patch (bsc#1051510 bsc#1084513 CVE-2018-7755). - commit 371ca37 - drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942 bsc#1195065). - commit 05bcda4 - drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742) - commit c2b5f0e - isdn: cpai: check ctr-&gt;cnr to avoid array index out of bound (bsc#1191958 CVE-2021-43389). - commit 6296574 - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (CVE-2021-38208 bsc#1187055). - commit 54aed86 - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - commit dfdc4e2 - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (CVE-2022-1353 bsc#1198516). - commit ffb367f - Update patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch (bsc#1198400). - Update patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch (bsc#1198400). - commit b81f481 - drm/ttm/nouveau: don't call tt destroy callback on alloc failure (CVE-2021-20292 bsc#1183723). - commit f1a5fa2 - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). - commit 46f1ca5 - fuse: handle kABI change in struct fuse_req (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit e67cd7e - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - commit 87c5893 - livepatch: Don't block removal of patches that are safe to unload (bsc#1071995). - commit c1aba4b - fix parallelism for rpc tasks (bsc#1197663). - Make the xprtiod workqueue unbounded (bsc#1197663). - commit 179a9b9 - Refresh patches.suse/net-sched-use-Qdisc-rcu-API-instead-of-relying-on-rt.patch. Fix missplaced qdisc_put() - commit 883b3be - Update patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch references (add CVE-2022-28356 bsc#1197391). - commit 923d4a9 - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016 bsc#1197227). - commit 4726ea9 - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - commit caaa7d4 - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (CVE-2022-28389 bsc#1198033). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28388 bsc#1198032). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28390 bsc#1198031). - commit 2396928 - xprtrdma: fix incorrect header size calculations (CVE-2022-0812 bsc#1196639). - commit 19d5b1d - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5ef2c78 - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 62bc950 - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562 bsc#1196761 CVE-2022-0850). - commit 8570e10 - Update patches.suse/sr9700-sanity-check-for-packet-length.patch (bsc#1196836 CVE-2022-26966). fixed typo in References - commit e04f4f1 - esp: Fix possible buffer overflow in ESP transformation (bsc#1197131 CVE-2022-0886). - commit d9e58bc - Refresh patches.suse/xfrm-fix-mtu-regression.patch. - commit 0ee241b - quota: check block number when reading the block in quota file (bsc#1197366 CVE-2021-45868). - commit b7d9616 - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch. - commit f284bec - Fixing a series_sort.py issue for a patch The patch: blk-mq-move-_blk_mq_update_nr_hw_queues-synchronize_rcu-call was placed at the end of the sorted section by series_insert.py at one time, but now series_sort.py is complaining. So move this patch to later in series.conf, outside of the sorted section, making series_sort.py happy. - commit a65cae5 - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 86d43c7 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit e5bbf41 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 0f72275 - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 (&quot;/rpm: Use bash for %() expansion (jsc#SLE-18234).&quot;/) - commit 7e857f7 - rpm: Use bash for %() expansion (jsc#SLE-18234). Since 15.4 alternatives for /bin/sh are provided by packages &lt;something&gt;-sh. While the interpreter for the build script can be selected the interpreter for %() cannot. The kernel spec files use bashisms in %(). While this could technically be fixed there is more serious underlying problem: neither bash nor any of the alternatives are 100% POSIX compliant nor bug-free. It is not my intent to maintain bug compatibility with any number of shells for shell scripts embedded in the kernel spec file. The spec file syntax is not documented so embedding the shell script in it causes some unspecified transformation to be applied to it. That means that ultimately any changes must be tested by building the kernel, n times if n shells are supported. To reduce maintenance effort require that bash is used for kernel build always. - commit bb95fef - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 95d7e2c - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - commit 065384f - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - commit f59903f - Update patches.suse/sr9700-sanity-check-for-packet-length.patch (bac#1196836 CVE-2022-26966). added CVE number - commit 7e940d6 - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). When dependency cycles are encountered package dependencies may not be fulfilled during zypper transaction at the time scriptlets are run. This is a problem for kernel scriptlets provided by suse-module-tools when migrating to a SLE release that provides these scriptlets only as part of LTSS. The suse-module-tools that provides kernel scriptlets may be removed early causing migration to fail. - commit ab8dd2d - Delete patches.suse/net-tipc-validate-domain-record-count-on-input.patch. Change included in patches.suse/tipc-improve-size-validations-for-received-domain-re.patch - commit 064907e - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - commit d50eef3 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - commit 6b0ae7c - net: sched: use Qdisc rcu API instead of relying on rtnl lock (bsc#1196973 CVE-2021-39713). - net: sched: add helper function to take reference to Qdisc (bsc#1196973 CVE-2021-39713). - net: sched: extend Qdisc with rcu (bsc#1196973 CVE-2021-39713). - net: sched: rename qdisc_destroy() to qdisc_put() (bsc#1196973 CVE-2021-39713). - net: core: netlink: add helper refcount dec and lock function (bsc#1196973 CVE-2021-39713). - commit a22ecb0 - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 2b38f30 - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 7149843 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit a920e1c - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit e8ca175 - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 02e08de - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 78fd62a - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit 335a138 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit 69cc608 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit d8d4a06 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 9eb0e70 - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - commit 520b1bb - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit af60176 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit ee8e3fd - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 29bb7f5 - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - kabi/severities: Ignore NPU DMA functions (bsc#1196433 ltc#196449). These cannot be supported anymore after the following changes. These were removed upstream in 5.3 because they were never used. - commit f1f926b - kABI: Add back some NPU related structure members (bsc#1196433 ltc#196449). - commit cc295da - Move kABI patches to kABI section. - commit 9b9f67a - powerpc/powernv: remove unused NPU DMA code (bsc#1196433 ltc#196449). - commit ba1f3b7 - sr9700: sanity check for packet length (bsc#1196836). - commit 7ac3395 - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490 bsc#1196830). - commit 47ae8c5 - Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584) - commit 43f0d0b - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - commit 936ea82 - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 (&quot;/kernel-binary: Do not include sourcedir in certificate path.&quot;/) - commit 68fa069 - gve: Recording rx queue before sending to napi (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652). - gve: Fix GFP flags when allocing pages (jsc#SLE-23652). - gve: Add consumed counts to ethtool stats (jsc#SLE-23652). - gve: Implement suspend/resume/shutdown (jsc#SLE-23652). - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652). - gve: remove memory barrier around seqno (jsc#SLE-23652). - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652). - gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652). - gve: Correct order of processing device options (jsc#SLE-23652). - gve: fix for null pointer dereference (jsc#SLE-23652). - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652). - gve: Add a jumbo-frame device option (jsc#SLE-23652). - gve: Implement packet continuation for RX (jsc#SLE-23652). - gve: Add RX context (jsc#SLE-23652). - gve: Track RX buffer allocation failures (jsc#SLE-23652). - gve: Allow pageflips on larger pages (jsc#SLE-23652). - gve: Add netif_set_xps_queue call (jsc#SLE-23652). - gve: Do lazy cleanup in TX path (jsc#SLE-23652). - gve: Add rx buffer pagecnt bias (jsc#SLE-23652). - gve: Switch to use napi_complete_done (jsc#SLE-23652). - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652). - gve: DQO: avoid unused variable warnings (jsc#SLE-23652). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (jsc#SLE-23652). - gve: fix gve_get_stats() (jsc#SLE-23652). - gve: Properly handle errors in gve_assign_qpl (jsc#SLE-23652). - gve: Avoid freeing NULL pointer (jsc#SLE-23652). - gve: Correct available tx qpl check (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer overflow check (jsc#SLE-23652). - gve: DQO: Remove incorrect prefetch (jsc#SLE-23652). - gve: Simplify code and axe the use of a deprecated API (jsc#SLE-23652). - gve: Propagate error codes to caller (jsc#SLE-23652). - gve: Fix an error handling path in 'gve_probe()' (jsc#SLE-23652). - gve: Fix swapped vars when fetching max queues (jsc#SLE-23652). - gve: DQO: Fix off by one in gve_rx_dqo() (jsc#SLE-23652). - gve: Fix warnings reported for DQO patchset (jsc#SLE-23652). - gve: DQO: Add RX path (jsc#SLE-23652). - gve: DQO: Add TX path (jsc#SLE-23652). - gve: DQO: Configure interrupts on device up (jsc#SLE-23652). - gve: DQO: Add ring allocation and initialization (jsc#SLE-23652). - gve: DQO: Add core netdev features (jsc#SLE-23652). - gve: Update adminq commands to support DQO queues (jsc#SLE-23652). - gve: Add DQO fields for core data structures (jsc#SLE-23652). - gve: Add dqo descriptors (jsc#SLE-23652). - gve: Add support for DQO RX PTYPE map (jsc#SLE-23652). - gve: adminq: DQO specific device descriptor logic (jsc#SLE-23652). - gve: Introduce per netdev `enum gve_queue_format` (jsc#SLE-23652). - gve: Introduce a new model for device options (jsc#SLE-23652). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (jsc#SLE-23652). - gve: gve_rx_copy: Move padding to an argument (jsc#SLE-23652). - gve: Move some static functions to a common file (jsc#SLE-23652). - gve: Correct SKB queue index validation (jsc#SLE-23652). - gve: Upgrade memory barrier in poll routine (jsc#SLE-23652). - gve: Add NULL pointer checks when freeing irqs (jsc#SLE-23652). - gve: Update mgmt_msix_idx if num_ntfy changes (jsc#SLE-23652). - gve: Check TX QPL was actually assigned (jsc#SLE-23652). - net: gve: remove duplicated allowed (jsc#SLE-23652). - net: gve: convert strlcpy to strscpy (jsc#SLE-23652). - gve: Add support for raw addressing in the tx path (jsc#SLE-23652). - gve: Rx Buffer Recycling (jsc#SLE-23652). - gve: Add support for raw addressing to the rx path (jsc#SLE-23652). - gve: Add support for raw addressing device option (jsc#SLE-23652). - gve: Replace zero-length array with flexible-array member (jsc#SLE-23652). - gve: Enable Link Speed Reporting in the driver (jsc#SLE-23652). - gve: Use link status register to report link status (jsc#SLE-23652). - gve: Batch AQ commands for creating and destroying queues (jsc#SLE-23652). - gve: NIC stats for report-stats and for ethtool (jsc#SLE-23652). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (jsc#SLE-23652). - gve: Use dev_info/err instead of netif_info/err (jsc#SLE-23652). - gve: Add stats for gve (jsc#SLE-23652). - gve: Get and set Rx copybreak via ethtool (jsc#SLE-23652). - net: Google gve: Remove dma_wmb() before ringing doorbell (jsc#SLE-23652). - gve: Fix the queue page list allocated pages count (jsc#SLE-23652). - gve: fix dma sync bug where not all pages synced (jsc#SLE-23652). - commit 11aa9c5 - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 7feede3 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch. - commit 37b834c - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - commit ae4f20a - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Refresh patches.suse/IBRS-forbid-shooting-in-foot.patch. - commit d60f0e7 - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - commit f84ba7f - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Delete patches.suse/do-not-default-to-ibrs-on-skl.patch. Remove a statement which cancels itself out with the following patch which removes it anyway. - commit 0b79d59 - lib/iov_iter: initialize &quot;/flags&quot;/ in new pipe_buffer (bsc#1196584). - commit 589ad87 - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0bae9af - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 7500cb0 - cpu/SMT: create and export cpu_smt_possible() (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 4ca375f - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - commit f9977fb - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc: Don't flush caches when adding memory (bsc#1196433 ltc#196449). - commit 23c9b78 - udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079 CVE-2022-0617). - commit 2533a5b - udf: Fix NULL ptr deref when converting from inline format (bsc#1196079 CVE-2022-0617). - commit 87d491f - Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155) - commit 4656612 - f2fs: fix to do sanity check on inode type during garbage collection (CVE-2021-44879 bsc#1195987). - commit e8b60dc - Update patches.suse/0001-PCI-hv-Use-expected-affinity-when-unmasking-IRQ.patch (bsc#1185973, bsc#1195536). - commit 7617851 - tipc: improve size validations for received domain records (bsc#1195254, CVE-2022-0435). - commit daaae48 - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959 bsc#1195897). - commit 2b51111 - Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch (bsc#1194516 CVE-2022-0487). - commit b3ff0d9 - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - commit bb988d4 - constraints: Also adjust disk requirement for x86 and s390. - commit 9719db0 - constraints: Increase disk space for aarch64 - commit 09c2882 - cgroup-v1: Require capabilities to set release_agent (bsc#1195543 CVE-2022-0492). - commit 25a96a7 - NFSv4: Handle case where the lookup of a directory fails (bsc#1195612 CVE-2022-24448). - commit fe40712 - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - commit 0cfe67a - Update patch reference for BT fix (CVE-2021-3564 bsc#1186207) - commit ea7857c - Bluetooth: fix the erroneous flush_work() order (git-fixes). - commit 9b1f0b0 - net: tipc: validate domain record count on input (bsc#1195254). - commit eaeeffc - phonet: refcount leak in pep_sock_accep (bsc#1193867, CVE-2021-45095). - commit 413134f - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - Delete patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch. which caused a regression (bsc#1194048). - Replace with an alternative fix for bsc#1185377 - commit 3800186 - Update patches.suse/IPv6-reply-ICMP-error-if-the-first-fragment-don-t-in.patch (bsc#1191241 bsc#1195166). - Update patches.suse/net-ipv6-discard-next-hop-mtu-less-than-minimum-link.patch (bsc#1191241 bsc#1195166). - commit 1d741e6 - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - commit c098fc7 - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback (bsc#1193864 CVE-2021-39657). - commit 39c5f8e - usb: gadget: configfs: Fix use-after-free issue with udc_name (bsc#1193861 CVE-2021-39648). - commit 9ec119b - net: mana: Add RX fencing (bsc#1193506). - commit 4af8516 - net: mana: Add XDP support (bsc#1193506). - commit c395dbf - net: mana: Fix spelling mistake &quot;/calledd&quot;/ -&gt; &quot;/called&quot;/ (bsc#1193506). - commit 781000a - net: mana: Support hibernation and kexec (bsc#1193506). - commit c664fb6 - net: mana: Improve the HWC error handling (bsc#1193506). - commit be607da - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506). - commit 4301039 - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506). - commit ed46d20 - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506). - commit 2e3aed9 - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - commit e6c57eb - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - commit 69356ad - fget: clarify and improve __fget_files() implementation (bsc#1193727). - commit 3ce5a50 - tee: handle lookup of shm with reference count 0 (bsc#1193767 CVE-2021-44733). - commit 10b0db6 - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - commit c80b5de - drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330 bsc#1194880). - commit bd11976 - kabi/severities: Add a kabi exception for drivers/tee/tee According to the partner modules database, the structs of this driver are not used by anything external so make a kABI exception for them. Do that on purpose so that any external module using this fails to load instead of causing a potential memory corruption due to a kabi workaround which would use the same offset but for a different thing: - struct dma_buf *dmabuf; + refcount_t refcount; See upstream commit dfd0743f1d9e (&quot;/tee: handle lookup of shm with reference count 0&quot;/) - commit ac7feb6 - sctp: account stream padding length for reconf chunk (bsc#1194985 CVE-2022-0322). - commit f5ee3ee - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - commit b248150 - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - commit 68b36f0 - moxart: fix potential use-after-free on remove path (bsc#1194516). - commit 5a3dfcb - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - commit 9692e25 - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - commit 90dede7 - cgroup: Use open-time credentials for process migraton perm checks (bsc#1194302 CVE-2021-4197). - commit b76ad03 - NFC: add NCI_UNREG flag to eliminate the race (CVE-2021-4202 bsc#1194529). - NFC: reorder the logic in nfc_{un,}register_device (CVE-2021-4202 bsc#1194529). - NFC: reorganize the functions in nci_request (CVE-2021-4202 bsc#1194529). - commit 68b4b42 - Update patches.suse/tcp-fix-a-race-in-inet_diag_dump_icsk.patch (networking-stable-19_01_04 bsc#1186222). Fix bsc#1186222 by using proper atomic helper. - commit bd29e90 - fget: check that the fd still exists after getting a ref to it (bsc#1193727 CVE-2021-4083). - commit 5441599 - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - commit 3600b27 - btrfs: unlock newly allocated extent buffer after error (bsc#1194001, CVE-2021-4149). - commit 0a8af05 - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (bsc#1193927 CVE-2021-4135). - commit 27d280b - inet: use bigger hash table for IP ID generation (CVE-2021-45486 bsc#1194087). - commit 0387442 - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - commit 3ba8941 - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - commit b8b1ef9 - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - Delete patches.suse/ftrace-recordmcount-binutils.patch. - commit 9b6815f - Update config files. - commit f87a32f - af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920 bsc#1193731). - commit 167f0fb - net: split out functions related to registering inflight socket files (CVE-2021-0920 bsc#1193731). - commit 8ec3ad8 - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - commit ef4c569 - xen/netback: don't queue unlimited number of packages (CVE-2021-28715 XSA-392 bsc#1193442). - commit a67e40b - xen/netback: fix rx queue stall detection (CVE-2021-28714 XSA-392 bsc#1193442). - commit aa10f67 - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713 XSA-391 bsc#1193440). - commit f9f6563 - xen/netfront: harden netfront against event channel storms (CVE-2021-28712 XSA-391 bsc#1193440). - commit 785c1f2 - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711 XSA-391 bsc#1193440). - commit adb747c - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - commit 24773f9 - xen/netfront: don't trust the backend response data blindly (git-fixes). - commit 61f473d - xen/netfront: disentangle tx_skb_freelist (git-fixes). - commit a27eb85 - xen/netfront: don't read data from request on the ring page (git-fixes). - commit d843191 - xen/netfront: read response from backend only once (git-fixes). - commit 10c97f1 - xen/blkfront: don't trust the backend response data blindly (git-fixes). - commit 8238939 - xen/blkfront: don't take local copy of a request from the ring page (git-fixes). - commit 0c42763 - xen/blkfront: read response from backend only once (git-fixes). - commit 7b30def - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - commit 0df7133 - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving &quot;/unused parameter&quot;/ and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we don't have to set it here anymore. - commit 972c692 - ring-buffer: Protect ring_buffer_reset() from reentrancy (CVE-2020-27825 bsc#1179960). - commit 432ad3d - Update patches.suse/bpf-fix-truncated-jump-targets-on-heavy-expansions.patch (bsc#1109837 bsc#1193575 CVE-2018-25020). - commit 0de083e - bpf: fix truncated jump targets on heavy expansions (bsc#1193575 CVE-2018-25020). - commit bf19161 - Revert &quot;/- rpm/*build: use buildroot macro instead of env variable&quot;/ buildroot macro is not being expanded inside a shell script. go back to the environment variable usage. This reverts parts of commit e2f60269b9330d7225b2547e057ef0859ccec155. - commit fe85f96 - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - commit a631240 - kABI compatibility for struct l2tp_tunnel (bsc#1192032 CVE-2021-0935). - commit 237dc6f - l2tp: fix races with ipv4-mapped ipv6 addresses (bsc#1192032 CVE-2021-0935). - commit 3f8483b - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - commit 301a3a7 - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - commit e2f6026 - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - commit 275c61a - nouveau: Suppress sysfs bind (CVE-2020-27820 bsc#1179599). - commit c2489c9 - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (bsc#1192946 (CVE-2021-4002)). - commit c355959 - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (bsc#1192845 CVE-2021-43975). - commit c3c1eae - rpm/kernel-binary.spec.in: don't strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-&lt;version&gt;, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - commit 83af88d - ixgbe: fix large MTU request from VF (bsc#1192877 CVE-2021-33098). - commit 56240b9 - Move upstreamed BT patch into sorted section - commit a0f930a - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976 bsc#1192847). - commit c14a908 - brcmfmac: add CLM download support (bsc#1167162 CVE-2019-15126). - commit 7737eec - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - commit 60fc53f - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - commit 5ab2439 - elfcore: fix building with clang (bsc#1169514). - commit b91821c - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - commit cf74b00 - kernel-source.spec: install-kernel-tools also required on 15.4 - commit 6cefb55 - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - commit a133bf4 - Fix problem with missing installkernel on Tumbleweed. - commit 2ed6686 - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - commit 3a21ecb - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166). - commit 9602abb - IPv6: reply ICMP error if the first fragment don't include all headers (bsc#1191241). - commit d34d458 - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166). - commit 0aed272 - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - commit 3d53a5b - rpm/kernel-obs-build.spec.in: reduce initrd functionality For building in OBS, we always build inside a virtual machine that gets a new, freshly created scratch filesystem image. So we do not need to handle fscks because that ain't gonna happen, as well as not we do not need to handle microcode update in the initrd as these only can be run on the host system anyway. We can also strip and hardlink as an additional optimisation that should not significantly hurt. - commit c72c6fc - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - commit 3e55f55 - rpm: use _rpmmacrodir (boo#1191384) - commit e350c14 - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - commit 6c24533 - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 (&quot;/rpm: Abolish scritplet templating (bsc#1189841).&quot;/) - commit e082fbf - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - commit bdc323e - Revert &quot;/rpm/kernel-binary.spec: Use only non-empty certificates.&quot;/ This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d. - commit 413e05b - rpm/kernel-binary.spec: Use only non-empty certificates. - commit 30360ab - fixup &quot;/rpm: support gz and zst compression methods&quot;/ once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 (&quot;/rpm: support gz and zst compression methods&quot;/) Fixes: 23510fce36ec (&quot;/fixup &quot;/rpm: support gz and zst compression methods&quot;/&quot;/) - commit 165378a - fixup &quot;/rpm: support gz and zst compression methods&quot;/ once more Fixes: 3b8c4d9bcc24 (&quot;/rpm: support gz and zst compression methods&quot;/) Fixes: 23510fce36ec (&quot;/fixup &quot;/rpm: support gz and zst compression methods&quot;/&quot;/) - commit 34e68f4 - fixup &quot;/rpm: support gz and zst compression methods&quot;/ Fixes: 3b8c4d9bcc24 (&quot;/rpm: support gz and zst compression methods&quot;/) - commit 23510fc - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). Fixes: d9a1357edd73 (&quot;/rpm: Define $certs as rpm macro (bsc#1189841).&quot;/) - commit 8684de8 - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - commit 5d1f677 - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - commit d7d2e6e - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - commit b41e4fd - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). These are unchanged since 2011 when they were introduced. No need to track them separately. - commit 692d38b - rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla kernel which is not supported in any way. The only effect is has is that the image and initrd symlinks are created with this suffix. These symlinks are not used except on s390 where the unsuffixed symlinks are used by zipl. There is no reason why a vanilla kernel could not be used with zipl as well as it's quite unexpected to not be able to boot when only a vanilla kernel is installed. Finally we now have a backup zipl kernel so if the vanilla kernel is indeed unsuitable the backup kernel can be used. - commit e2f37db - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - commit e602b0f - rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the shortened hash rather than full filename. As has been discussed in bsc#1124431 comment 51 https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of the certificates is an API which cannot be changed unless we can ensure that no two kernels that use different certificate location can be built with the same certificate. - commit d9a1357 - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - commit e98096d - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - commit 357f09a - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release has arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - commit 56f2cba - rpm: fix kmp install path - commit 22ec560 - post.sh: detect /usr mountpoint too - commit c7b3d74 - kernel-binary.spec.in: make sure zstd is supported by kmod if used - commit f36412b - kernel-binary.spec.in: add zstd to BuildRequires if used - commit aa61dba - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 (&quot;/rpm: support compressed modules&quot;/) for compression methods other than xz. - commit 3b8c4d9 - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). About the pahole version: v1.18 should be bare mnimum, v1.22 should be fully functional, for now we ship git snapshot with fixes on top of v1.21. - commit 8ba3382 - README: Modernize build instructions. - commit 8cc5c28 - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - commit 7f9ade7 - Fix filesystem requirement and suse-release requires Reduce filesystem conflict to anything less than 16 to allow pulling the change into the next major stable version. Don't require suse-release as that's not technically required. Conflict with a too old one instead. - commit 913f755 - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - commit b6f021b - gve: Add basic driver framework for Compute Engine Virtual NIC (jsc#SLE-23652). - gve: Add ethtool support (jsc#SLE-23652). - gve: Add workqueue and reset support (jsc#SLE-23652). - gve: Copy and paste bug in gve_get_stats() (jsc#SLE-23652). - gve: Fix case where desc_cnt and data_cnt can get out of sync (jsc#SLE-23652). - gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-23652). - gve: Fix u64_stats_sync to initialize start (jsc#SLE-23652). - gve: Fixes DMA synchronization (jsc#SLE-23652). - gve: Remove the exporting of gve_probe (jsc#SLE-23652). - gve: fix -ENOMEM null check on a page allocation (jsc#SLE-23652). - gve: fix unused variable/label warnings (jsc#SLE-23652). - gve: replace kfree with kvfree (jsc#SLE-23652). Replaced single commit gve driver add commit with all its upstream commits. This is done in a single commit to keep bisectability. - commit 461f4aa - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes CVE-2021-4157 bnc#1194013). - commit 957ab2c - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - commit f037781 - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - commit 1c27431 Package libinput was updated: - Add libinput-CVE_2022-1215.patch: strip the device name of format directives (boo#1198111 CVE-2022-1215). Package libpsl was updated: - fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4- added patches https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56 + libpsl-fix-test-data.patch Package libqb was updated: - IPC: server: avoid temporary channel priority loss, up to deadlock-worth (gh#ClusterLabs/libqb#352, rh#1718773, bsc#1188212) * bsc#1188212-0001-IPC-server-avoid-temporary-channel-priority-loss-up-.patch Package libsolv was updated: - reworked choice rule generation to cover more usecases- support SOLVABLE_PREREQ_IGNOREINST in the ordering code [bsc#1196514] - support parsing of Debian's Multi-Arch indicator - bump version to 0.7.22 - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members (&quot;/requires&quot;/ is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime - bump version to 0.7.21 Package libtirpc was updated: - fix memory leak in client protocol version 2 code (bsc#1193805) - update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch Package libxml2 was updated: - Security fix: [bsc#1199132, CVE-2022-29824] * Integer overflow leading to out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) * Add libxml2-CVE-2022-29824.patch - Security fix: [bsc#1196490, CVE-2022-23308] * Use-after-free of ID and IDREF attributes. * Add libxml2-CVE-2022-23308.patch * Add libxml2-CVE-2021-3541.patch Package libzypp was updated: - ZConfig: Update solver settings if target changes (bsc#1196368)- version 17.30.0 (22) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - version 17.29.7 (22) - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - version 17.29.6 (22) - Hint on ptf&lt;&gt;patch resolver conflicts (bsc#1194848) - version 17.29.5 (22) - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. - version 17.29.4 (22) - Public header files on older distros must use c++11 (bsc#1194597) - Fix exception handling when reading or writing credentials (bsc#1194898) - version 17.29.3 (22) - Fix Legacy include (bsc#1194597) - version 17.29.2 (22) - Fix broken install path for parser compat headers (fixes #372, bsc#1194597) - RepoManager: remember exec errors in exception history (bsc#1193007) - version 17.29.1 (22) Package mlocate was updated: - require apparmor-abstractions, because apparmor.service fails with Could not open 'tunables/global' error otherwise (bsc#1195144) Package mozilla-nss was updated: - Mozilla NSS 3.68.3 (bsc#1197903) This release improves the stability of NSS when used in a multi-threaded environment. In particular, it fixes memory safety violations that can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume that with enough effort these memory safety violations are exploitable. * Remove token member from NSSSlot struct (bmo#1756271). * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots (bmo#1755555). * Check return value of PK11Slot_GetNSSToken (bmo#1370866). Package net-snmp was updated: - Decouple snmp-mibs from net-snmp version to allow major version upgrade (bsc#1196955). Package nfs-utils was updated: - Add 0023-cache.c-removed-a-couple-warning.patch Fix compilation with new glibc (SLE15-SP4) (bsc#1197788) - Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch Ensure &quot;/sloppy&quot;/ is added correctly for newer kernels. Particularly required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels. (boo#1197297) - Add 0020-mountd-Initialize-logging-early.patch If an error or warning message is produced before closeall() is called, mountd gets confused and doesn't work. (bsc#1194661) Package ocfs2-tools was updated: - fsck.ocfs2: do not try locking after replaying journals if -F is given (bsc#1196705) + fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch Package openldap2 was updated: - bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql * 0242-ITS-9815-slapd-sql-escape-filter-values.patch - bsc#1191157 - Correct version specification in ppolicy to allow submission to SP3 for TLS1.3 - bsc#1191157 - allow specification of max/min TLS version with TLS1.3 * 0239-ITS-9422-Update-for-TLS-v1.3.patch * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch * 0241-TLS-set-protocol-version.patch - bsc#1197004 - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. - jsc#PM-3288 - restore CLDAP functionality in CLI tools - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults. - jsc#PM-3288 - restore CLDAP functionality in CLI tools Package openssl-1_1 was updated: - Encrypt the sixteen bytes that were unencrypted in some circumstances on 32-bit x86 platforms. * [bsc#1201099, CVE-2022-2097] * added openssl-CVE-2022-2097.patch - Added openssl-1_1-Fix-file-operations-in-c_rehash.patch * bsc#1200550 * CVE-2022-2068 * Fixed more shell code injection issues in c_rehash - Added openssl-update_expired_certificates.patch * Openssl failed tests because of expired certificates. * bsc#1185637 * Sourced from https://github.com/openssl/openssl/pull/18446/commits - Security fix: [bsc#1199166, CVE-2022-1292] * Added: openssl-CVE-2022-1292.patch * properly sanitise shell metacharacters in c_rehash script. - Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch Package p11-kit was updated: - CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065) Added p11-kit-CVE-2020-29362.patch: Package pacemaker was updated: - attrd: check election status upon loss of a voter to prevent unexpected pending (bsc#1191676) * bsc#1191676-0001-Fix-attrd-check-election-status-upon-loss-of-a-voter.patch - stonith-ng's function cannot be blocked with CIB updates forever (bsc#1188212) * bsc#1188212-0001-Low-mainloop-make-it-possible-to-specify-server-s-pr.patch * bsc#1188212-0002-High-stonith-ng-s-function-cannot-be-blocked-with-CI.patch Package pam was updated: - Do not include obsolete libselinux header files flask.h and av_permissions.h. [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch] - Between allocating the variable &quot;/ai&quot;/ and free'ing them, there are two &quot;/return NO&quot;/ were we don't free this variable. This patch inserts freaddrinfo() calls before the &quot;/return NO;&quot;/s. [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch] - Define _pam_vendordir as &quot;//%{_sysconfdir}/pam.d&quot;/ The variable is needed by systemd and others. [bsc#1196093, macros.pam] Package pam-modules was updated: - Do not include &lt;selinux/flask.h&gt; it does not exist any more in newer libselinux versions and is not required in older ones. [bsc#1197795, pam-bsc1197795-do-not-include-obsolete-header-files.patch] Package patch was updated: - fix-swapping-fake-lines-in-pch_swap.patch: Fix swapping fake lines in pch_swap. This bug was causing a double free leading to a crash (boo#1080985 CVE-2018-6952). - abort-when-cleaning-up-fails.patch: Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (boo#1111572). - dont-follow-symlinks-unless-asked.patch: Don't follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (boo#1142041 CVE-2019-13636). - pass-the-correct-stat-to-backup-files.patch: Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (boo#1198106). Package pcre was updated: - Added pcre-8.45-bsc1199232-unicode-property-matching.patch * bsc#1199232 * CVE-2022-1586 * Fixes unicode property matching issue Package pcre2 was updated: - Added pcre2-10.31-bsc1199232-unicode-property-matching.patch * bsc#1199232 / CVE-2022-1586 * Fixes unicode property matching issue Package perl was updated: - Stabilize Socket::VERSION comparisons [bnc#1193489] new patch: perl-Stabilize-Socket-VERSION-comparisons.patch Package perl-XML-LibXML was updated: - (bsc#1197798) FTBFS: compile against latest version available of libxml in SP4 so perl-XML-LibXSLT compiles cleanly. Package procps was updated: - Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is ignore SIGURG Package protobuf was updated: - Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570, bsc#1195258 * Add protobuf-CVE-2021-22570.patch Package psmisc was updated: * Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Add patch psmisc-22.21-semaphores.patch * Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Add patch psmisc-22.21-statx.patch * Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process at all (bsc#1194172) - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Determine the namespace of a process only once to speed up the parsing of fdinfo (bsc#1194172). - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch Package python3 was updated: - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Rename support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch to unify the patch with other packages. - Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests on s390x. - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). - Add patch support-expat-245.patch: * Support Expat &gt;= 2.4.5 - Rename 22198.patch into more descriptive remove-sphinx40-warning.patch. - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from from python-base libraries in _libdir (bsc#1193179, bsc#1192249). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch - build against openssl 1.1 as it is incompatible with openssl 3.0+ (bsc#1190566) - 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore permission error when changing the mtime of the source file in presence of SOURCE_DATE_EPOCH - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch - Remove merged patch CVE-2020-8492-urllib-ReDoS.patch and CRLF_injection_via_host_part.patch. Package release-notes-ha was updated: - 15.1.20220427 (tracked in bsc#933411)- Change bug reporting product to non-beta - Updated URL for source code download (bsc#1150672) Package release-notes-sles-for-sap was updated: 15.1.20220712 (tracked in bsc#1201315)- fixed bsc#1201315: Trento is fully supported remove it from tech preview section - Added note about native systemd support (bsc#1197511) Set to unmaintained - 15.1.20220202 (tracked in bsc#933411) - Added Trento disclaimer (jsc#SLE-22810) - Updated lifecycle length to 3.5 years (bsc#1188003) - Added note about HANA-SR unattended (jsc#SLE-4044) - Updated URL for source code download (bsc#1150672) Package resource-agents was updated: - AUDIT-FIND: resource-agents: Predictable log file in /tmp in mariadb.in (bsc#1146691) Add patch: 0001-mariadb-Remove-obsolete-DEBUG_LOG-functionality-1191.patch - oracle RA lists monpassword as optional but fails unless provided (bsc#1197956) Add upstream patch: 0001-Improve-the-error-message-if-monpassword-was-not-set.patch - RA reports &quot;/string indices must be integers&quot;/ to stderr after &quot;/WARNING: Failed to reach the server: Gone&quot;/ (bsc#1194502) Add upstream patch: 0001-azure-events-report-error-if-jsondata-not-received.patch Package rsyslog was updated: - (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061) * add CVE-2022-24903.patch Package ruby2 was updated: - Update suse.patch: - backport fix for CVE-2022-28739: ruby: Buffer overrun in String-to-Float conversion (boo#1198441) - back port date 2.0.3 CVE-2021-41817 (boo#1193035) - merge the previous bug fixes into suse.patch - CVE-2021-32066.patch - CVE-2021-31810.patch - CVE-2021-31799.patch - Add Requires to make and gcc to ruby-devel to make the default extconf.rb work Package rubygem-actionpack-5_1 was updated: - Added patch 0005-CVE-2021-22904.patch to fix CVE-2021-22904 (bsc#1185780) - Added patch 0004-CVE-2022-23633.patch to fix CVE-2022-23633 (bsc#1196182) Package rubygem-activesupport-5_1 was updated: Package rubygem-puma was updated: - updated to version 4.3.11 * fix bsc#1196222, CVE-2022-23634 rubygem-puma: puma would not always call 'close' on the response body * fix bsc#1191681, CVE-2021-41136 * fix bsc#1188527, CVE-2021-29509 Package rubygem-rack was updated: - security update- added patches fix CVE-2022-30122 [bsc#1200748], crafted multipart POST request may cause a DoS + rubygem-rack-CVE-2022-30122.patch fix CVE-2022-30123 [bsc#1200750], crafted requests can cause shell escape sequences + rubygem-rack-CVE-2022-30123.patch Package runc was updated: - Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. (Includes a fix for bsc#1200088.) * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. * runc static binaries are now linked against libseccomp v2.5.4. - Remove upstreamed patches: - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch - Backport &lt;https://github.com/opencontainers/runc/pull/3474&gt; to fix issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565 + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch - Add ExcludeArch for s390 (not s390x) since we've never supported it. - Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-29162 bsc#1199460 * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. bsc#1199460 * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. - Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus &quot;/Intel RDT is not supported&quot;/ error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) - Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) - Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. - Drop runc-rpmlintrc because we don't have runc-test anymore. bsc#1193436 Package salt was updated: - Fix for CVE-2022-22967 (bsc#1200566)- Added: * fix-for-cve-2022-22967-bsc-1200566.patch - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Added: * make-sure-saltcacheloader-use-correct-fileclient-519.patch - Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing &quot;/ansible&quot;/ module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners - Added: * add-missing-ansible-module-functions-to-whitelist-in.patch * drop-serial-from-event.unpack-in-cli.batch_async.patch * fix-crash-when-calling-manage.not_alive-runners.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch * fix-salt-call-event.send-call-with-grains-and-pillar.patch * fix-the-regression-for-yumnotify-plugin-456.patch * fixes-for-python-3.10-502.patch * prevent-shell-injection-via-pre_flight_script_args-4.patch - Modified: * add-custom-suse-capabilities-as-grains.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * add-migrated-state-and-gpg-key-management-functions-.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * adds-explicit-type-cast-for-port.patch * async-batch-implementation.patch * debian-info_installed-compatibility-50453.patch * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * early-feature-support-config.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * fix-bsc-1065792.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch * fix-multiple-security-issues-bsc-1197417.patch * fix-regression-with-depending-client.ssh-on-psutil-b.patch * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch * fixes-56144-to-enable-hotadd-profile-support.patch * implementation-of-held-unheld-functions-for-state-pk.patch * implementation-of-suse_ip-execution-module-bsc-10999.patch * improvements-on-ansiblegate-module-354.patch * include-aliases-in-the-fqdns-grains.patch * info_installed-works-without-status-attr-now.patch * make-aptpkg.list_repos-compatible-on-enabled-disable.patch * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * refactor-and-improvements-for-transactional-updates-.patch * restore-default-behaviour-of-pkg-list-return.patch * return-the-expected-powerpc-os-arch-bsc-1117995.patch * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch * run-salt-master-as-dedicated-salt-user.patch * state.apply-don-t-check-for-cached-pillar-errors.patch * switch-firewalld-state-to-use-change_interface.patch * temporary-fix-extend-the-whitelist-of-allowed-comman.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * use-adler32-algorithm-to-compute-string-checksums.patch * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch * x509-fixes-111.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch - Removed: * 3002-set-distro-requirement-to-oldest-supported-vers.patch * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * accumulated-changes-from-yomi-167.patch * accumulated-changes-required-for-yomi-165.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch * add-all_versions-parameter-to-include-all-installed-.patch * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * add-batch_presence_ping_timeout-and-batch_presence_p.patch * add-cpe_name-for-osversion-grain-parsing-u-49946.patch * add-docker-logout-237.patch * add-hold-unhold-functions.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * add-multi-file-support-and-globbing-to-the-filetree-.patch * add-new-custom-suse-capability-for-saltutil-state-mo.patch * add-patch-support-for-allow-vendor-change-option-wit.patch * add-pkg.services_need_restart-302.patch * add-saltssh-multi-version-support-across-python-inte.patch * add-supportconfig-module-for-remote-calls-and-saltss.patch * add-virt.all_capabilities.patch * adding-preliminary-support-for-rocky.-59682-391.patch * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch * apply-patch-from-upstream-to-support-python-3.8.patch * async-batch-implementation-fix-320.patch * avoid-traceback-when-http.query-request-cannot-be-pe.patch * backport-a-few-virt-prs-272.patch * backport-of-upstream-pr59492-to-3002.2-404.patch * backport-thread.is_alive-fix-390.patch * backport-virt-patches-from-3001-256.patch * batch-async-catch-exceptions-and-safety-unregister-a.patch * batch_async-avoid-using-fnmatch-to-match-event-217.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch * changed-imports-to-vendored-tornado.patch * clear-network-interface-cache-when-grains-are-reques.patch * do-noop-for-services-states-when-running-systemd-in-.patch * do-not-break-repo-files-with-multiple-line-values-on.patch * do-not-crash-when-there-are-ipv6-established-connect.patch * do-not-make-ansiblegate-to-crash-on-python3-minions.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * do-not-raise-streamclosederror-traceback-but-only-lo.patch * don-t-call-zypper-with-more-than-one-no-refresh.patch * drop-wrong-mock-from-chroot-unit-test.patch * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch * exclude-the-full-path-of-a-download-url-to-prevent-i.patch * fall-back-to-pymysql.patch * figure-out-python-interpreter-to-use-inside-containe.patch * fix-__mount_device-wrapper-254.patch * fix-a-test-and-some-variable-names-229.patch * fix-a-wrong-rebase-in-test_core.py-180.patch * fix-aptpkg-systemd-call-bsc-1143301.patch * fix-aptpkg.normalize_name-when-package-arch-is-all.patch * fix-async-batch-multiple-done-events.patch * fix-async-batch-race-conditions.patch * fix-batch_async-obsolete-test.patch * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * fix-failing-unit-tests-for-batch-async.patch * fix-failing-unit-tests-for-systemd.patch * fix-for-log-checking-in-x509-test.patch * fix-for-some-cves-bsc1181550.patch * fix-for-temp-folder-definition-in-loader-unit-test.patch * fix-git_pillar-merging-across-multiple-__env__-repos.patch * fix-grains.test_core-unit-test-277.patch * fix-ipv6-scope-bsc-1108557.patch * fix-issue-parsing-errors-in-ansiblegate-state-module.patch * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch * fix-novendorchange-option-284.patch * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch * fix-save-for-iptables-state-module-bsc-1185131-372.patch * fix-the-removed-six.itermitems-and-six.-_type-262.patch * fix-unit-test-for-grains-core.patch * fix-unit-tests-for-batch-async-after-refactor.patch * fix-virt.update-with-cpu-defined-263.patch * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch * fixes-cve-2018-15750-cve-2018-15751.patch * fixing-streamclosed-issue.patch * get-os_arch-also-without-rpm-package-installed.patch * grains-master-can-read-grains.patch * grains.extra-support-old-non-intel-kernels-bsc-11806.patch * handle-master-tops-data-when-states-are-applied-by-t.patch * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch * implement-network.fqdns-module-function-bsc-1134860-.patch * improve-batch_async-to-release-consumed-memory-bsc-1.patch * integration-of-msi-authentication-with-azurearm-clou.patch * invalidate-file-list-cache-when-cache-file-modified-.patch * loop-fix-variable-names-for-until_no_eval.patch * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch * make-profiles-a-package.patch * move-server_id-deprecation-warning-to-reduce-log-spa.patch * move-vendor-change-logic-to-zypper-class-355.patch * open-suse-3002.2-bigvm-310.patch * open-suse-3002.2-virt-network-311.patch * open-suse-3002.2-xen-grub-316.patch * opensuse-3000-libvirt-engine-fixes-251.patch * opensuse-3000-virt-defined-states-222.patch * opensuse-3000.2-virt-backports-236-257.patch * opensuse-3000.3-spacewalk-runner-parse-command-250.patch * option-to-en-disable-force-refresh-in-zypper-215.patch * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch * pkgrepo-support-python-2.7-function-call-295.patch * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch * prevent-command-injection-in-the-snapper-module-bsc-.patch * prevent-import-errors-when-running-test_btrfs-unit-t.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch * prevent-systemd-run-description-issue-when-running-a.patch * prevent-test_mod_del_repo_multiline_values-to-fail.patch * provide-the-missing-features-required-for-yomi-yet-o.patch * python3.8-compatibility-pr-s-235.patch * re-adding-function-to-test-for-root.patch * regression-fix-of-salt-ssh-on-processing-targets-353.patch * reintroducing-reverted-changes.patch * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch * remove-deprecated-warning-that-breaks-miniion-execut.patch * remove-duplicated-method-definitions-in-salt.netapi-.patch * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch * remove-vendored-backports-abc-from-requirements.patch * remove-wrong-_parse_cpe_name-from-grains.core-452.patch * revert-add-patch-support-for-allow-vendor-change-opt.patch * sanitize-grains-loaded-from-roster_grains.json.patch * strip-trailing-from-repo.uri-when-comparing-repos-in.patch * support-config-non-root-permission-issues-fixes-u-50.patch * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch * support-transactional-systems-microos-271.patch * templates-move-the-globals-up-to-the-environment-jin.patch * transactional_update-detect-recursion-in-the-executo.patch * transactional_update-unify-with-chroot.call.patch * use-current-ioloop-for-the-localclient-instance-of-b.patch * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch * vendor-stateresult.patch * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch * virt-pass-emulator-when-getting-domain-capabilities-.patch * virt-uefi-fix-backport-312.patch * virt-use-dev-kvm-to-detect-kvm-383.patch * virt._get_domain-don-t-raise-an-exception-if-there-i.patch * virt.network_update-handle-missing-ipv4-netmask-attr.patch * xen-disk-fixes-264.patch * xfs-do-not-fails-if-type-is-not-present.patch * zypperpkg-filter-patterns-that-start-with-dot-244.patch - Renamed and modified: * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch -&gt; 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * 3002.2-postgresql-json-support-in-pillar-424.patch -&gt; 3003.3-postgresql-json-support-in-pillar-423.patch * add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch -&gt; add-salt-ssh-support-with-venv-salt-minion-3004-493.patch * allow-vendor-change-option-with-zypper-313.patch -&gt; allow-vendor-change-option-with-zypper.patch * fix-inspector-module-export-function-bsc-1097531-480.patch -&gt; fix-inspector-module-export-function-bsc-1097531-481.patch * fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch -&gt; fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch * fix-state.orchestrate_single-to-not-pass-pillar-none.patch -&gt; state.orchestrate_single-does-not-pass-pillar-none-4.patch * fix-traceback.-_exc-calls-429.patch -&gt; fix-traceback.print_exc-calls-for-test_pip_state-432.patch * mock-ip_addrs-in-utils-minions.py-unit-test-444.patch -&gt; mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * support-transactional-systems-microos-271.patch -&gt; support-transactional-systems-microos.patch - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Added: * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch * fix-regression-with-depending-client.ssh-on-psutil-b.patch - Fix salt-ssh opts poisoning (bsc#1197637) - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) - (bsc#1182851, bsc#1196432) - Remove duplicated method definitions in salt.netapi - Restrict &quot;/state.orchestrate_single&quot;/ to pass a pillar value if it exists (bsc#1194632) - Added: * add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch * clear-network-interface-cache-when-grains-are-reques.patch * fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch * fix-state.orchestrate_single-to-not-pass-pillar-none.patch * remove-duplicated-method-definitions-in-salt.netapi-.patch - Renamed: * patch_for_cve_bsc1197417.patch -&gt; fix-multiple-security-issues-bsc-1197417.patch - Fix multiple security issues (bsc#1197417) * Sign authentication replies to prevent MiTM (CVE-2022-22935) * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) * Prevent job and fileserver replays (CVE-2022-22936) * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) - Added: * patch_for_cve_bsc1197417.patch - Fix inspector module export function (bsc#1097531) - Add all ssh kwargs to sanitize_kwargs method - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Don't check for cached pillar errors on state.apply (bsc#1190781) - Simplify &quot;/transactional_update&quot;/ module to not use SSH wrapper and allow more flexible execution - Add &quot;/--no-return-event&quot;/ option to salt-call to prevent sending return event back to master. - Make &quot;/state.highstate&quot;/ to acts on concurrent flag. - Added: * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch * add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch * refactor-and-improvements-for-transactional-updates-.patch * vendor-stateresult.patch * state.apply-don-t-check-for-cached-pillar-errors.patch * fix-inspector-module-export-function-bsc-1097531-480.patch Package samba was updated: - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1134046); - CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bsc#1194859); (bso#14914). Package sapconf was updated: - version update from 5.0.3 to 5.0.4- change block device handling to handle multipath devices correctly. Only the DM multipath devices (mpath) will be used for the settings, but not its paths. (bsc#1188743) - fixed wrong comparison used for setting force_latency (bsc#1185702) - SAP Note 1771258 v6 updates nofile values to 1048576 (bsc#1192841) Package sudo was updated: - Add support in the LDAP filter for negated users, patch taken from upstream (jsc#20068) * Adds sudo-feature-negated-LDAP-users.patch - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) * feature-upstream-restrict-sudo-U-other-l.patch Package supportutils was updated: - Spec file adjusted for usr-merge- Changes to version 3.1.20 + Added command blkid #114 + Added s390x specific files and output #115 + Fix for invalid argument during updates (bsc#1193204) + Optimized conf_files, conf_files_text and log_cmd functions #118 + Fixed iscsi initiator name (bsc#1195797) + Added rpcinfo -p output #116 + Included /etc/sssd/conf.d configuration files #100 - Changes to version 3.1.19 + Made /proc directory and network names spaces configurable (bsc#1193868) - Changes to version 3.1.19 + Removed chronyc DNS lookups with -n switch (bsc#1193732) - Merged Include udev rules in /lib/udev/rules.d/ #113 - Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87 - getappcore identifies compressed core files (bsc#1191794) - Installing to /usr/sbin instead of /sbin (bsc#1191096) - Added shared memory as a log directory for emergency use (bsc#1190943) - Fixed cron package for RPM validation (bsc#1190315) - Updated spec file with correct URL - Changes to version 3.1.18 + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028) + Include 'multipath -t' output in mpio.txt #105 + Improved lsblk readability with --ascsi #106 + Removed duplicate commands in network.txt + Remove duplicate firewalld status output #109 Package supportutils-plugin-suse-public-cloud was updated: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) + Include cloud-init logs whenever they are present + Update the packages we track in AWS, Azure, and Google + Include the ecs logs for AWS ECS instances Package suse-build-key was updated: - still ship the old ptf key (was not added to documentation by mistake). (bsc#1198504) - No longer install 1024bit keys by default. (bsc#1197293) - SLE11 key moved to documentation - old PTF (pre March 2022) moved to documentation only - extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc - added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - extended expiry of SUSE SLES11 key (bsc#1194845) - added SUSE Contaner signing key in PEM format for use e.g. by cosign. - SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495) Package sysstat was updated: - Fix possible segfault in read_task_stats() [bsc#1194679]- Add sysstat-fix-segfault-in-read_task_stats.patch Package systemd was updated: - Import commit 5e7db68eb43ec3733c56e98262973431f57e2265 4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) - Import commit c46bcb2df93c802f43e240ceb96eaf28027808a8 28e379cc21 systemctl: exit with 1 if no unit files found (bsc#1193841) * 60-io-scheduler.rules: add rules for virtual devices (boo#1193759) * 60-io-scheduler.rules: enforce &quot;/none&quot;/ for loop devices (boo#1193759) Package systemd-presets-branding-SLE was updated: Package systemd-presets-common-SUSE was updated: Package tar was updated: - tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test 'tests/time01.at' on platforms with 32-bit time_t for now. - tar.spec: Reference it. (%check): Output the testsuite.log in case the testsuite failed. - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: * bsc#1181131, CVE-2021-20193 * bsc#1120610 - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - remove deprecated texinfo packaging macros - prepare usrmerge (boo#1029961) - Drop Requires(pre) info in the preamble: the main package does not contain any info files, and has not even a pre script. The - doc subpackage already has the correct deps. - No longer recommend -lang: supplements are in use. - update to version 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - remove tar-1.31-tests_dirrem.patch and tar-1.31-racy_compress_tests.patch that are no longer needed (applied usptream) - Remove libattr-devel from buildrequires, tar no longer uses it but finds xattr functions in libc. - update to version 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the &quot;/-K NAME&quot;/ option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. - remove the following patches (upstreamed) * tar-1.30-tests-difflink.patch * tar-1.30-tests_dirrem_race.patch - refresh add_readme-tests.patch - add tar-1.31-tests_dirrem.patch to fix expected output in dirrem tests - add tar-1.31-racy_compress_tests.patch to fix compression tests Package tcpdump was updated: - Security fix: [bsc#1195825, CVE-2018-16301] * Fix segfault when handling large files * Add tcpdump-CVE-2018-16301.patch Package tiff was updated: - security update * CVE-2022-0561 [bsc#1195964] + tiff-CVE-2022-0561.patch * CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch * CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch * CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch * CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch * CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch - security update * CVE-2022-1056 [bsc#1197631] * CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch - security update: Fix buffer overwrite * CVE-2019-17546[bsc#1154365] + tiff-CVE-2019-17546.patch - security update: Fix heap based buffer overflow in pal2rgb * CVE-2017-17095[bsc#1071031] + tiff-CVE-2017-17095.patch - security update: Fix OOB in _TIFFmemcpy * CVE-2022-22844[bsc#1194539] + tiff-CVE-2022-22844.patch - security update: Fix memory allocation failure in tif_read.c * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809] + tiff-CVE-2020-35521,CVE-2020-35522.patch - security update: Fix DOS via invertImage() * CVE-2020-19131[bsc#1190312] + tiff-CVE-2020-19131.patch - security update: Fix heap-based buffer overflow in TIFF2PDF tool * CVE-2020-35524[bsc#1182812] + tiff-CVE-2020-35524.patch - security update: Fix integer overflow in tif_getimage * CVE-2020-35523 [bsc#1182811] + tiff-CVE-2020-35523.patch Package tigervnc was updated: - U_0003-Fix-rendering-on-big-endian-system.patch * Patch now handles properly endianness. * Patch modified from: 7ab92639848a6059e2b6b88499b008b9606f3af6 * bsc#1197119 - U_0003-Fix-rendering-on-big-endian-system.patch * Backport to fix rendering on big endian systems. * bsc#1177758 Package timezone was updated: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not -03-26* * zdump -v now outputs better failure indications * Bug fixes for code that reads corrupted TZif data Package update-alternatives was updated: - break bash &lt;-&gt; update-alternatives cycle by coolo's rewrite of %post in lua [bsc#1195654] Package util-linux was updated: - Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch). - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). - Warn if uuidd lock state is not usable (bsc#1194642, util-linux-uuidd-check-lock-state.patch). - Fix &quot;/su -s&quot;/ bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). Package util-linux-systemd was updated: - Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch). - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). - Warn if uuidd lock state is not usable (bsc#1194642, util-linux-uuidd-check-lock-state.patch). - Fix &quot;/su -s&quot;/ bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). Package vim was updated: - Deleted patches: * restrict-shell-commands.patch * source-check-sandbox.patch * vim-8.0.1568-CVE-2021-3778.patch * vim-8.0.1568-CVE-2021-3796.patch * vim-8.0.1568-CVE-2021-3872.patch * vim-8.0.1568-CVE-2021-3927.patch * vim-8.0.1568-CVE-2021-3928.patch * vim-8.0.1568-CVE-2021-3984.patch * vim-8.0.1568-CVE-2021-4019.patch * vim-8.0.1568-CVE-2021-4193.patch * vim-8.0.1568-CVE-2021-46059.patch * vim-8.0.1568-CVE-2022-0319.patch * vim-8.0.1568-CVE-2022-0351.patch * vim-8.0.1568-CVE-2022-0361.patch * vim-8.0.1568-CVE-2022-0413.patch * vim-8.0.1568-globalvimrc.patch - Added patches: * vim-8.1.0297-dump3.patch * vim-8.2.2411-globalvimrc.patch * disable-unreliable-tests-arch.patch - Updated patches: * disable-unreliable-tests.patch * vim-7.3-filetype_changes.patch * vim-7.3-filetype_ftl.patch * vim-7.3-filetype_spec.patch * vim-7.3-gvimrc_fontset.patch * vim-7.3-help_tags.patch * vim-7.3-mktemp_tutor.patch * vim-7.3-name_vimrc.patch * vim-7.3-sh_is_bash.patch * vim-7.3-use_awk.patch * vim-7.4-disable_lang_no.patch * vim-7.4-filetype_apparmor.patch * vim-7.4-filetype_mine.patch * vim-7.4-highlight_fstab.patch * vim-8.0-ttytype-test.patch * vim-8.0.1568-defaults.patch * vim73-no-static-libpython.patch - Updated to version 8.2 with patch level 5038, fixes the following problems * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2. * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2 * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2 * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2 * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2 * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2. * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read - Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. / vim-8.0.1568-CVE-2022-0413.patch - Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c / vim-8.0.1568-CVE-2021-3796.patch - Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch - Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch - Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch - Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch - Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch - Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c / vim-8.0.1568-CVE-2021-3778.patch - Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read / vim-8.0.1568-CVE-2021-4193.patch - Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch - Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch - Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() / vim-8.0.1568-CVE-2022-0351.patch - Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch - Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c / vim-8.0.1568-CVE-2022-0413.patch Package wicked was updated: - fsm: fix device rename via yast (bsc#1194392) Reset worker config instead to reject a NULL/empty config xml node -- introduced in wicked 0.6.67 by commit c2a0385. [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] - version 0.6.68 - sysctl: process sysctl.d directories as in sysctl --system - sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353) - cleanup: warnings, time calculations and dhcp fixes (bsc#1188019) - wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495) - tuntap: avoid sysfs attr read error (bsc#1192311) - ifstatus: fix warning of unexpected interface flag combination (bsc#1192164) - dbus: config files in /usr shouldn't be marked as config in spec - version 0.6.67 - dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750) - logging: log reaped sub-process command and as debug, not error - ifstatus: Don't show link as &quot;/up&quot;/ without RUNNING flag set - firewalld: Make the zone assignment permanent (boo#1189560) - fsm: cleanup and improve ifconfig and ifpolicy access utils - dbus: cleanup the dbus-service.h file and unused property makros - cleanup: applied code-spell run typo corrections - dracut: initial fixes and improved option handling (boo#1182227) - version 0.6.66 - wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920) - support multiple networks configurations per interface - show connection status and scan-results (bsc#1160654) - corrected eap-tls,ttls cetificate handling and open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - cleanups and several other improvements, see changes - updated man ifcfg-wireless manual pages - nanny: fix identify node owner exit condition - schema: several xml-schema and dbus/property improvements - utils: format/parse bitmap to array and string alternatives - client: expose ethtool --get-permanent-address option - removed sle15-sp3 patches included in the master sources (bsc#1181812) [- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch] [- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch] - dhcp4: discover on reboot timeout after start-delay (bsc#1181812) [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch] - dhcp6: request nis options on sle15 by default (bsc#1181812) [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch] - version 0.6.65 - ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215) - client: parse sysctl files in the correct order (bsc#1181186) - ifup: fix for set up with unenslave from unconfigured master (boo#954329) - rpm: prepare for new builds using usrmerged rpm macro (boo#1029961) - rpm: Let wicked-service also provide service(network) - cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815) - dbus: add variant container, generic object-path and uint32 array macros Package xkeyboard-config was updated: - U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch * Backport French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) Package xz was updated: - Fix ZDI-CAN-16587 Fix escaping of malicious filenames (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271) * bsc1198062.patch Package yaml-cpp was updated: - Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20573, bsc#1121227) - Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20574, bsc#1121230) - Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2019-6285, bsc#1122004) - Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in yaml-cpp which cause DOS by stack consumption (CVE-2019-6292, bsc#1122021) - Added patch cve-2018-20574.patch Package yast2-add-on was updated: - Restore the repo unexpanded URL to get it properly saved in the /etc/zypp/repos.d file (bsc#972046, bsc#1194851). - 4.1.16 Package zlib was updated: - CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459 * bsc1197459.patch Package zsh was updated: - Added CVE-2019-20044.patch: fixes insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882) - Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which could be exploited through e.g. VCS_Info to execute arbitrary shell commands (CVE-2021-45444 bsc#1196435) Package zypp-plugin was updated: Package zypper was updated: - info: print the packages upstream URL if available (fixes #426)- info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) - version 1.14.52 - Singletrans: handle fatal and non-fatal script errors properly. - Add SingleTransReportReceiver. - Immediately write out additional rpm output. - BuildRequires: libzypp-devel &gt;= 17.29.0. Need SingleTransReport and immediate rpm script output reports. - version 1.14.51 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp1-sap-byos-v20220716-x86-64/ Public Cloud Image Info https://www.suse.com/support/security/rating/ SUSE Security Ratings Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 SAPHanaSR-0.155.0-4.17.1 SAPHanaSR-doc-0.155.0-4.17.1 aaa_base-84.87+git20180409.04c9dae-3.57.1 aaa_base-extras-84.87+git20180409.04c9dae-3.57.1 augeas-1.10.1-150000.3.12.1 augeas-lenses-1.10.1-150000.3.12.1 autofs-5.1.3-150000.7.11.1 bind-utils-9.16.6-150000.12.60.1 binutils-2.37-150100.7.37.1 cifs-utils-6.9-150100.5.15.1 cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-md-kmp-default-4.12.14-150100.197.117.1 containerd-1.6.6-150000.73.2 coreutils-8.29-4.3.1 crash-7.2.1-150100.9.15.1 crmsh-4.3.1+20220505.cf4ab649-150100.3.91.3 crmsh-scripts-4.3.1+20220505.cf4ab649-150100.3.91.3 ctdb-4.9.5+git.487.9b5717b962b-150100.3.67.2 cups-config-2.2.7-150000.3.32.1 cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 dhcp-4.3.6.P1-150000.6.14.1 dhcp-client-4.3.6.P1-150000.6.14.1 dlm-kmp-default-4.12.14-150100.197.117.1 docker-20.10.17_ce-150000.166.1 dracut-44.2-150000.18.79.2 drbd-9.0.16+git.ab9777df-150100.8.27.2 drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_150100.197.114-150100.8.27.2 e2fsprogs-1.43.8-150000.4.33.1 expat-2.2.5-3.19.1 fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1 filesystem-15.0-11.8.1 gfs2-kmp-default-4.12.14-150100.197.117.1 glibc-2.26-13.65.1 glibc-i18ndata-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 google-guest-agent-20220204.0-150000.1.26.1 google-guest-configs-20220211.0-150000.1.19.1 google-guest-oslogin-20220205.0-150000.1.27.1 google-osconfig-agent-20220209.0-150000.1.17.1 grep-3.1-150000.4.6.1 grub2-2.02-150100.123.12.2 grub2-i386-pc-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 gzip-1.1-150000.4.15.1 icewm-1.4.2-150000.7.15.1 icewm-lite-1.4.2-150000.7.15.1 icewm-theme-branding-1.2.4-3.15.1 java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 kernel-default-4.12.14-150100.197.117.1 ldirectord-4.3.0184.6ee15eb2-150100.4.66.1 libXvnc1-1.9.0-150100.19.17.1 libaugeas0-1.10.1-150000.3.12.1 libavahi-client3-0.7-3.18.1 libavahi-common3-0.7-3.18.1 libbind9-1600-9.16.6-150000.12.60.1 libblkid1-2.33.2-150100.4.21.1 libcom_err2-1.43.8-150000.4.33.1 libctf-nobfd0-2.37-150100.7.37.1 libctf0-2.37-150100.7.37.1 libcups2-2.2.7-150000.3.32.1 libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdns1605-9.16.6-150000.12.60.1 libexpat1-2.2.5-3.19.1 libext2fs2-1.43.8-150000.4.33.1 libfdisk1-2.33.2-150100.4.21.1 libfreebl3-3.68.3-150000.3.67.1 libgcc_s1-11.3.0+git1637-150000.1.9.1 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libinput10-1.10.5-150000.3.3.1 libirs1601-9.16.6-150000.12.60.1 libisc1606-9.16.6-150000.12.60.1 libisccc1600-9.16.6-150000.12.60.1 libisccfg1600-9.16.6-150000.12.60.1 libldap-2_4-2-2.4.46-150000.9.71.1 libldap-data-2.4.46-150000.9.71.1 liblzma5-5.2.3-150000.4.7.1 libmount1-2.33.2-150100.4.21.1 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libns1604-9.16.6-150000.12.60.1 libopenssl1_1-1.1.0i-150100.14.36.1 libp11-kit0-0.23.2-150000.4.16.1 libpacemaker3-2.0.1+20190417.13d370ca9-3.24.1 libpcre1-8.45-150000.20.13.1 libpcre2-8-0-10.31-150000.3.7.1 libprocps7-3.3.15-7.22.1 libprotobuf-lite15-3.5.0-5.5.1 libpsl5-0.20.1-150000.3.3.1 libpython3_6m1_0-3.6.15-150000.3.106.1 libqb20-1.0.3+20190326.a521604-3.6.1 libruby2_5-2_5-2.5.9-150000.4.23.1 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsasl2-3-2.1.26-5.10.1 libsmartcols1-2.33.2-150100.4.21.1 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsnmp30-5.7.3-10.12.1 libsoftokn3-3.68.3-150000.3.67.1 libsolv-tools-0.7.22-150100.4.6.1 libstdc++6-11.3.0+git1637-150000.1.9.1 libsystemd0-234-24.108.1 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtiff5-4.0.9-150000.45.8.1 libtirpc-netconfig-1.0.2-3.11.1 libtirpc3-1.0.2-3.11.1 libudev1-234-24.108.1 libuuid1-2.33.2-150100.4.21.1 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libxml2-2-2.9.7-150000.3.46.1 libyaml-cpp0_6-0.6.1-4.5.1 libz1-1.2.11-150000.3.30.1 libzypp-17.30.0-150100.3.78.1 mlocate-0.26-150100.7.3.2 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 net-snmp-5.7.3-10.12.1 nfs-client-2.1.1-150100.10.24.1 nfs-kernel-server-2.1.1-150100.10.24.1 nscd-2.26-13.65.1 ocfs2-kmp-default-4.12.14-150100.197.117.1 ocfs2-tools-1.8.5-150100.12.14.1 openldap2-client-2.4.46-150000.9.71.1 openssl-1_1-1.1.0i-150100.14.36.1 p11-kit-0.23.2-150000.4.16.1 p11-kit-tools-0.23.2-150000.4.16.1 pacemaker-2.0.1+20190417.13d370ca9-3.24.1 pacemaker-cli-2.0.1+20190417.13d370ca9-3.24.1 pam-1.3.0-150000.6.58.3 pam-modules-12.1-150000.5.3.2 patch-2.7.6-150000.5.3.1 perl-5.26.1-150000.7.15.1 perl-SNMP-5.7.3-10.12.1 perl-XML-LibXML-2.0132-150000.3.3.1 perl-base-5.26.1-150000.7.15.1 procps-3.3.15-7.22.1 psmisc-23.0-150000.6.22.1 python3-3.6.15-150000.3.106.1 python3-M2Crypto-0.35.2-150000.3.11.1 python3-base-3.6.15-150000.3.106.1 python3-bind-9.16.6-150000.12.60.1 python3-curses-3.6.15-150000.3.106.1 python3-salt-3004-150100.71.1 python3-solv-0.7.22-150100.4.6.1 python3-zypp-plugin-0.6.3-150000.4.2.1 release-notes-ha-15.1.20220427-150100.8.8.1 release-notes-sles-for-sap-15.1.20220712-150100.6.10.1 resource-agents-4.3.0184.6ee15eb2-150100.4.66.1 rsyslog-8.33.1-150000.3.37.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 runc-1.1.3-150000.30.1 salt-3004-150100.71.1 salt-minion-3004-150100.71.1 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 sapconf-5.0.4-150000.7.21.1 snmp-mibs-5.7.3-10.12.1 sudo-1.8.27-4.24.1 supportutils-3.1.20-150000.5.39.1 supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 suse-build-key-12.0-150000.8.25.1 sysstat-12.0.2-3.33.1 systemd-234-24.108.1 systemd-presets-branding-SLE-15.1-150100.20.11.1 systemd-presets-common-SUSE-15-150100.8.12.1 systemd-sysvinit-234-24.108.1 tar-1.34-150000.3.12.1 tcpdump-4.9.2-3.18.1 timezone-2022a-150000.75.7.1 udev-234-24.108.1 update-alternatives-1.19.0.4-4.3.1 util-linux-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 vim-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 wicked-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 xkeyboard-config-2.23.1-150000.3.12.1 xorg-x11-Xvnc-1.9.0-150100.19.17.1 xz-5.2.3-150000.4.7.1 yast2-add-on-4.1.16-3.16.1 zsh-5.6-7.5.1 zypper-1.14.52-150100.3.55.2 SAPHanaSR-0.155.0-4.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 SAPHanaSR-doc-0.155.0-4.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 aaa_base-84.87+git20180409.04c9dae-3.57.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 aaa_base-extras-84.87+git20180409.04c9dae-3.57.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 augeas-1.10.1-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 augeas-lenses-1.10.1-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 autofs-5.1.3-150000.7.11.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 bind-utils-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 binutils-2.37-150100.7.37.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cifs-utils-6.9-150100.5.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cloud-regionsrv-client-10.0.3-150000.6.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cluster-md-kmp-default-4.12.14-150100.197.117.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 containerd-1.6.6-150000.73.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 coreutils-8.29-4.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 crash-7.2.1-150100.9.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 crmsh-4.3.1+20220505.cf4ab649-150100.3.91.3 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 crmsh-scripts-4.3.1+20220505.cf4ab649-150100.3.91.3 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ctdb-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cups-config-2.2.7-150000.3.32.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cyrus-sasl-2.1.26-5.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cyrus-sasl-digestmd5-2.1.26-5.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cyrus-sasl-gssapi-2.1.26-5.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cyrus-sasl-plain-2.1.26-5.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 cyrus-sasl-saslauthd-2.1.26-5.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 dhcp-4.3.6.P1-150000.6.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 dhcp-client-4.3.6.P1-150000.6.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 dlm-kmp-default-4.12.14-150100.197.117.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 docker-20.10.17_ce-150000.166.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 dracut-44.2-150000.18.79.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 drbd-9.0.16+git.ab9777df-150100.8.27.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_150100.197.114-150100.8.27.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 e2fsprogs-1.43.8-150000.4.33.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 expat-2.2.5-3.19.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 filesystem-15.0-11.8.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 gfs2-kmp-default-4.12.14-150100.197.117.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 glibc-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 glibc-i18ndata-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 glibc-locale-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 glibc-locale-base-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 google-guest-agent-20220204.0-150000.1.26.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 google-guest-configs-20220211.0-150000.1.19.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 google-guest-oslogin-20220205.0-150000.1.27.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 google-osconfig-agent-20220209.0-150000.1.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 grep-3.1-150000.4.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 grub2-2.02-150100.123.12.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 grub2-i386-pc-2.02-150100.123.12.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 grub2-x86_64-efi-2.02-150100.123.12.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 gzip-1.1-150000.4.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 icewm-1.4.2-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 icewm-lite-1.4.2-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 icewm-theme-branding-1.2.4-3.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 kernel-default-4.12.14-150100.197.117.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ldirectord-4.3.0184.6ee15eb2-150100.4.66.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libXvnc1-1.9.0-150100.19.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libaugeas0-1.10.1-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libavahi-client3-0.7-3.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libavahi-common3-0.7-3.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libbind9-1600-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libblkid1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libcom_err2-1.43.8-150000.4.33.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libctf-nobfd0-2.37-150100.7.37.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libctf0-2.37-150100.7.37.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libcups2-2.2.7-150000.3.32.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libdns1605-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libexpat1-2.2.5-3.19.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libext2fs2-1.43.8-150000.4.33.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libfdisk1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libfreebl3-3.68.3-150000.3.67.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libgcc_s1-11.3.0+git1637-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libinput10-1.10.5-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libirs1601-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libisc1606-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libisccc1600-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libisccfg1600-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libldap-2_4-2-2.4.46-150000.9.71.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libldap-data-2.4.46-150000.9.71.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 liblzma5-5.2.3-150000.4.7.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libmount1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libns1604-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libopenssl1_1-1.1.0i-150100.14.36.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libp11-kit0-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libpacemaker3-2.0.1+20190417.13d370ca9-3.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libpcre1-8.45-150000.20.13.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libpcre2-8-0-10.31-150000.3.7.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libprocps7-3.3.15-7.22.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libprotobuf-lite15-3.5.0-5.5.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libpsl5-0.20.1-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libpython3_6m1_0-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libqb20-1.0.3+20190326.a521604-3.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libruby2_5-2_5-2.5.9-150000.4.23.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsasl2-3-2.1.26-5.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsmartcols1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsnmp30-5.7.3-10.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsoftokn3-3.68.3-150000.3.67.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsolv-tools-0.7.22-150100.4.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libstdc++6-11.3.0+git1637-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libsystemd0-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libtiff5-4.0.9-150000.45.8.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libtirpc-netconfig-1.0.2-3.11.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libtirpc3-1.0.2-3.11.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libudev1-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libuuid1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libxml2-2-2.9.7-150000.3.46.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libyaml-cpp0_6-0.6.1-4.5.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libz1-1.2.11-150000.3.30.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 libzypp-17.30.0-150100.3.78.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 mlocate-0.26-150100.7.3.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 mozilla-nss-3.68.3-150000.3.67.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 mozilla-nss-certs-3.68.3-150000.3.67.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 mozilla-nss-tools-3.68.3-150000.3.67.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 net-snmp-5.7.3-10.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 nfs-client-2.1.1-150100.10.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 nfs-kernel-server-2.1.1-150100.10.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 nscd-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ocfs2-kmp-default-4.12.14-150100.197.117.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ocfs2-tools-1.8.5-150100.12.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 openldap2-client-2.4.46-150000.9.71.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 openssl-1_1-1.1.0i-150100.14.36.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 p11-kit-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 p11-kit-tools-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 pacemaker-2.0.1+20190417.13d370ca9-3.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 pacemaker-cli-2.0.1+20190417.13d370ca9-3.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 pam-1.3.0-150000.6.58.3 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 pam-modules-12.1-150000.5.3.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 patch-2.7.6-150000.5.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 perl-5.26.1-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 perl-SNMP-5.7.3-10.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 perl-XML-LibXML-2.0132-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 perl-base-5.26.1-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 procps-3.3.15-7.22.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 psmisc-23.0-150000.6.22.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-M2Crypto-0.35.2-150000.3.11.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-base-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-bind-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-curses-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-salt-3004-150100.71.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-solv-0.7.22-150100.4.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 python3-zypp-plugin-0.6.3-150000.4.2.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 release-notes-ha-15.1.20220427-150100.8.8.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 release-notes-sles-for-sap-15.1.20220712-150100.6.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 resource-agents-4.3.0184.6ee15eb2-150100.4.66.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 rsyslog-8.33.1-150000.3.37.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ruby2.5-2.5.9-150000.4.23.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 ruby2.5-stdlib-2.5.9-150000.4.23.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 runc-1.1.3-150000.30.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 salt-3004-150100.71.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 salt-minion-3004-150100.71.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 sapconf-5.0.4-150000.7.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 snmp-mibs-5.7.3-10.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 sudo-1.8.27-4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 supportutils-3.1.20-150000.5.39.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 suse-build-key-12.0-150000.8.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 sysstat-12.0.2-3.33.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 systemd-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 systemd-presets-branding-SLE-15.1-150100.20.11.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 systemd-presets-common-SUSE-15-150100.8.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 systemd-sysvinit-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 tar-1.34-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 tcpdump-4.9.2-3.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 timezone-2022a-150000.75.7.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 udev-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 update-alternatives-1.19.0.4-4.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 util-linux-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 util-linux-systemd-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 uuidd-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 vim-8.2.5038-150000.5.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 vim-data-common-8.2.5038-150000.5.21.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 wicked-0.6.68-3.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 wicked-service-0.6.68-3.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 xkeyboard-config-2.23.1-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 xorg-x11-Xvnc-1.9.0-150100.19.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 xz-5.2.3-150000.4.7.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 yast2-add-on-4.1.16-3.16.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 zsh-5.6-7.5.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 zypper-1.14.52-150100.3.55.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64 In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 CVE-2015-20107 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-3.6.15-150000.3.106.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-curses-3.6.15-150000.3.106.1 important 8 AV:N/AC:L/Au:S/C:P/I:C/A:P The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. CVE-2015-8985 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-i18ndata-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-base-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:nscd-2.26-13.65.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. CVE-2017-13695 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. CVE-2017-17087 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. CVE-2017-17095 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. CVE-2018-16301 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:tcpdump-4.9.2-3.18.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). CVE-2018-20482 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:tar-1.34-150000.3.12.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. CVE-2018-20573 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libyaml-cpp0_6-0.6.1-4.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. CVE-2018-20574 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libyaml-cpp0_6-0.6.1-4.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. CVE-2018-25020 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVE-2018-25032 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libz1-1.2.11-150000.3.30.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. CVE-2018-6952 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:patch-2.7.6-150000.5.3.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. CVE-2018-7755 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. CVE-2019-13636 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:patch-2.7.6-150000.5.3.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. CVE-2019-15126 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 2.9 AV:A/AC:M/Au:N/C:P/I:N/A:N tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. CVE-2019-17546 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. CVE-2019-19377 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). CVE-2019-20044 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:zsh-5.6-7.5.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. CVE-2019-20811 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. CVE-2019-6285 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libyaml-cpp0_6-0.6.1-4.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file. CVE-2019-6292 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libyaml-cpp0_6-0.6.1-4.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. CVE-2019-9923 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:tar-1.34-150000.3.12.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". CVE-2020-19131 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. CVE-2020-26541 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). CVE-2020-27820 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 low 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. CVE-2020-27825 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 5.4 AV:L/AC:M/Au:N/C:P/I:N/A:C An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. CVE-2020-29362 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libp11-kit0-0.23.2-150000.4.16.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:p11-kit-0.23.2-150000.4.16.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:p11-kit-tools-0.23.2-150000.4.16.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. CVE-2020-35521 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-35523 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-35524 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. CVE-2020-8492 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-3.6.15-150000.3.106.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-curses-3.6.15-150000.3.106.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel CVE-2021-0920 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel CVE-2021-0935 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. CVE-2021-20193 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:tar-1.34-150000.3.12.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. CVE-2021-20292 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. CVE-2021-20321 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. CVE-2021-22570 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libprotobuf-lite15-3.5.0-5.5.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. CVE-2021-22904 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. CVE-2021-25220 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:bind-utils-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libbind9-1600-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libdns1605-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libirs1601-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libisc1606-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libisccc1600-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libisccfg1600-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libns1604-9.16.6-150000.12.60.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-bind-9.16.6-150000.12.60.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. CVE-2021-26341 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 CVE-2021-28711 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 CVE-2021-28712 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 CVE-2021-28713 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) CVE-2021-28714 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) CVE-2021-28715 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma. CVE-2021-29509 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. CVE-2021-31799 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). CVE-2021-31810 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." CVE-2021-32066 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33061 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33098 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. CVE-2021-3541 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libxml2-2-2.9.7-150000.3.46.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. CVE-2021-3564 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. CVE-2021-3572 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-3.6.15-150000.3.106.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-curses-3.6.15-150000.3.106.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. CVE-2021-3695 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-i386-pc-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-x86_64-efi-2.02-150100.123.12.2 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. CVE-2021-3696 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-i386-pc-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-x86_64-efi-2.02-150100.123.12.2 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. CVE-2021-3697 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-i386-pc-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-x86_64-efi-2.02-150100.123.12.2 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. CVE-2021-3733 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-3.6.15-150000.3.106.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-curses-3.6.15-150000.3.106.1 low 4 AV:N/AC:L/Au:S/C:N/I:N/A:P vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P vim is vulnerable to Use After Free CVE-2021-3796 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. CVE-2021-38208 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3872 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3875 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3903 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3927 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P vim is vulnerable to Use of Uninitialized Variable CVE-2021-3928 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel CVE-2021-39648 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel CVE-2021-39657 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3968 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 important 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel CVE-2021-39711 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel CVE-2021-39713 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3973 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C vim is vulnerable to Use After Free CVE-2021-3974 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3984 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. CVE-2021-3999 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-i18ndata-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-base-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:nscd-2.26-13.65.1 important A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. CVE-2021-4002 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N vim is vulnerable to Heap-based Buffer Overflow CVE-2021-4019 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P vim is vulnerable to Use After Free CVE-2021-4069 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. CVE-2021-4083 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. CVE-2021-41089 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:docker-20.10.17_ce-150000.166.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. CVE-2021-41092 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:docker-20.10.17_ce-150000.166.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. CVE-2021-41103 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:containerd-1.6.6-150000.73.2 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`. CVE-2021-41136 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 low 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec. CVE-2021-41190 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:containerd-1.6.6-150000.73.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:docker-20.10.17_ce-150000.166.1 moderate A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. CVE-2021-4135 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate vim is vulnerable to Heap-based Buffer Overflow CVE-2021-4136 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. CVE-2021-4149 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. CVE-2021-4157 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 low 7.4 AV:A/AC:M/Au:S/C:C/I:C/A:C vim is vulnerable to Out-of-bounds Read CVE-2021-4166 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. CVE-2021-41817 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P vim is vulnerable to Use After Free CVE-2021-4192 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P vim is vulnerable to Out-of-bounds Read CVE-2021-4193 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. CVE-2021-4197 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. CVE-2021-4202 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. CVE-2021-43389 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. CVE-2021-43565 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:docker-20.10.17_ce-150000.166.1 important In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. CVE-2021-43975 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). CVE-2021-43976 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. CVE-2021-44142 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ctdb-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 critical 9 AV:N/AC:L/Au:S/C:C/I:C/A:C A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. CVE-2021-44733 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. CVE-2021-44879 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. CVE-2021-45095 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. CVE-2021-45444 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:zsh-5.6-7.5.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. CVE-2021-45486 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 low 2.7 AV:A/AC:L/Au:S/C:P/I:N/A:N In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. CVE-2021-45868 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2021-46059 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-0001 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-0002 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N vim is vulnerable to Out-of-bounds Read CVE-2022-0128 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P vim is vulnerable to Heap-based Buffer Overflow CVE-2022-0213 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-0261 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in vim/vim prior to 8.2. CVE-2022-0318 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Out-of-bounds Read in vim/vim prior to 8.2. CVE-2022-0319 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). CVE-2022-0322 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. CVE-2022-0330 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. CVE-2022-0351 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-0359 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-0361 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. CVE-2022-0392 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-0407 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-0413 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. CVE-2022-0435 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. CVE-2022-0487 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. CVE-2022-0492 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. CVE-2022-0561 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. CVE-2022-0562 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. CVE-2022-0617 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2022-0644 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. CVE-2022-0696 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). CVE-2022-0778 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libopenssl1_1-1.1.0i-150100.14.36.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:openssl-1_1-1.1.0i-150100.14.36.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. CVE-2022-0812 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. CVE-2022-0847 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. CVE-2022-0850 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. CVE-2022-0865 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2022-0886 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact CVE-2022-0891 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. CVE-2022-0908 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. CVE-2022-0909 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. CVE-2022-0924 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. CVE-2022-1011 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. CVE-2022-1016 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-1048 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. CVE-2022-1056 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. CVE-2022-1097 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libfreebl3-3.68.3-150000.3.67.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsoftokn3-3.68.3-150000.3.67.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:mozilla-nss-3.68.3-150000.3.67.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:mozilla-nss-certs-3.68.3-150000.3.67.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:mozilla-nss-tools-3.68.3-150000.3.67.1 important A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. CVE-2022-1184 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate A format string vulnerability was found in libinput CVE-2022-1215 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libinput10-1.10.5-150000.3.3.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. CVE-2022-1271 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gzip-1.1-150000.4.15.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:liblzma5-5.2.3-150000.4.7.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:xz-5.2.3-150000.4.7.1 important The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). CVE-2022-1292 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libopenssl1_1-1.1.0i-150100.14.36.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:openssl-1_1-1.1.0i-150100.14.36.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVE-2022-1304 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:e2fsprogs-1.43.8-150000.4.33.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libcom_err2-1.43.8-150000.4.33.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libext2fs2-1.43.8-150000.4.33.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. CVE-2022-1353 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution CVE-2022-1381 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. CVE-2022-1419 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. CVE-2022-1420 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. CVE-2022-1516 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. CVE-2022-1586 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libpcre1-8.45-150000.20.13.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libpcre2-8-0-10.31-150000.3.7.1 important 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution CVE-2022-1616 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution CVE-2022-1619 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. CVE-2022-1620 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. CVE-2022-1652 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-1679 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. CVE-2022-1729 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. CVE-2022-1733 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. CVE-2022-1734 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. CVE-2022-1735 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. CVE-2022-1771 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. CVE-2022-1785 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Use After Free in GitHub repository vim/vim prior to 8.2.4979. CVE-2022-1796 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2022-1836 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVE-2022-1851 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-1897 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-1898 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-1927 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-8.2.5038-150000.5.21.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:vim-data-common-8.2.5038-150000.5.21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. CVE-2022-1974 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. CVE-2022-1975 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel CVE-2022-20132 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.9 AV:L/AC:L/Au:N/C:C/I:N/A:N In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel CVE-2022-20141 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel CVE-2022-20154 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). CVE-2022-2068 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libopenssl1_1-1.1.0i-150100.14.36.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:openssl-1_1-1.1.0i-150100.14.36.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). CVE-2022-2097 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libopenssl1_1-1.1.0i-150100.14.36.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:openssl-1_1-1.1.0i-150100.14.36.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21123 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21166 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21271 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2022-21282 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21283 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21293 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21299 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2022-21305 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21341 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21360 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21366 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CVE-2022-21499 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22827 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. CVE-2022-22844 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libtiff5-4.0.9-150000.45.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. CVE-2022-22934 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-minion-3004-150100.71.1 important 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. CVE-2022-22935 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-minion-3004-150100.71.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. CVE-2022-22936 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-minion-3004-150100.71.1 important 5.4 AV:A/AC:M/Au:N/C:P/I:P/A:P An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. CVE-2022-22941 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-minion-3004-150100.71.1 important 6 AV:N/AC:M/Au:S/C:P/I:P/A:P ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-22942 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. CVE-2022-22967 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-3004-150100.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:salt-minion-3004-150100.71.1 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 CVE-2022-23036 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 CVE-2022-23037 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 CVE-2022-23038 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 CVE-2022-23039 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 CVE-2022-23040 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 CVE-2022-23041 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 CVE-2022-23042 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. CVE-2022-2318 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. CVE-2022-23218 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-i18ndata-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-base-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:nscd-2.26-13.65.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. CVE-2022-23219 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-i18ndata-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:glibc-locale-base-2.26-13.65.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:nscd-2.26-13.65.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libxml2-2-2.9.7-150000.3.46.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. CVE-2022-23633 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. CVE-2022-23634 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. CVE-2022-23648 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:containerd-1.6.6-150000.73.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. CVE-2022-23852 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. CVE-2022-23990 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cyrus-sasl-2.1.26-5.10.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cyrus-sasl-digestmd5-2.1.26-5.10.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cyrus-sasl-gssapi-2.1.26-5.10.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cyrus-sasl-plain-2.1.26-5.10.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cyrus-sasl-saslauthd-2.1.26-5.10.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libsasl2-3-2.1.26-5.10.1 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. CVE-2022-24448 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. CVE-2022-24769 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:containerd-1.6.6-150000.73.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:docker-20.10.17_ce-150000.166.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. CVE-2022-24903 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:rsyslog-8.33.1-150000.3.37.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. CVE-2022-24959 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVE-2022-25235 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. CVE-2022-25236 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-3.6.15-150000.3.106.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:python3-curses-3.6.15-150000.3.106.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. CVE-2022-25313 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. CVE-2022-25314 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:expat-2.2.5-3.19.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libexpat1-2.2.5-3.19.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-26365 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. CVE-2022-26490 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. CVE-2022-26691 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cups-config-2.2.7-150000.3.32.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libcups2-2.2.7-150000.3.32.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. CVE-2022-26966 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-27239 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cifs-utils-6.9-150100.5.15.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. CVE-2022-28356 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. CVE-2022-28388 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. CVE-2022-28389 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. CVE-2022-28390 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-28733 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-i386-pc-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-x86_64-efi-2.02-150100.123.12.2 important ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-28734 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-i386-pc-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-x86_64-efi-2.02-150100.123.12.2 moderate ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-28736 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-i386-pc-2.02-150100.123.12.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:grub2-x86_64-efi-2.02-150100.123.12.2 important There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. CVE-2022-28739 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2022-28748 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 low In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. CVE-2022-29155 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libldap-2_4-2-2.4.46-150000.9.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libldap-data-2.4.46-150000.9.71.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:openldap2-client-2.4.46-150000.9.71.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. CVE-2022-29162 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:runc-1.1.3-150000.30.1 low 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. CVE-2022-29824 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:libxml2-2-2.9.7-150000.3.46.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-29900 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-29901 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. CVE-2022-30122 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 moderate A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. CVE-2022-30123 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 critical The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. CVE-2022-30594 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. CVE-2022-31030 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:containerd-1.6.6-150000.73.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33740 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33741 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33742 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:cluster-md-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:dlm-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:gfs2-kmp-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:kernel-default-4.12.14-150100.197.117.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20220716-x86-64:ocfs2-kmp-default-4.12.14-150100.197.117.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P