<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">SUSE-IU-2022:859-1</DocumentTitle>
  <DocumentType>SUSE Image</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE Image SUSE-IU-2022:859-1</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2025-01-02T09:45:51Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2022-07-18T01:00:00Z</InitialReleaseDate>
    <CurrentReleaseDate>2022-07-18T01:00:00Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-publiccloud.pl</Engine>
      <Date>2021-02-18T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Image update for SUSE-IU-2022:859-1 / google/sles-15-sp2-chost-byos-v20220718-x86-64</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This image update for google/sles-15-sp2-chost-byos-v20220718-x86-64 contains the following changes:
Package aaa_base was updated:

- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
  allow ICMP ping
- added patches
  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forward to
  current version which includes a rename of patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
  the 8 bit escape sequence which interfere with UTF-8 multi byte
  characters as well as support the vi mode of readline library.
  This is done with the patches
  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
  before the changed patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  rename it to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  and also add the patches
  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch

Package augeas was updated:

- add augeas-sysctl_parsing.patch (bsc#1197443)
  * backport original patch and rebase
- support new chrony 4.1 options (jsc#SLE-17334)
  augeas-new_options_for_chrony.patch

Package avahi was updated:

- Downgrade python3-Twisted to a Recommends. It is not available
  on SLED or PackageHub, and it is only needed by avahi-bookmarks
  (bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
  twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-add-resolv-conf-to-inotify.patch: re-read configuration
  when resolv.conf changes, per discussion on the bug
  (boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
  python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
  This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
  no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).

Package bind was updated:

- When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse
  for any reason, causing it to obtain and pass on potentially
  incorrect answers.
  [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]

Package cifs-utils was updated:

- CVE-2022-27239: mount.cifs: fix length check for ip option
  parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
  * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch

Package containerd was updated:

- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
  of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
  - bsc1200145-Limit-the-response-size-of-ExecSync.patch
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
  + bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.5.12&gt;
- Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517
- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441
- Remove upstreamed patch:
  - CVE-2022-23648.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for CVE-2022-23648. bsc#1196441
  + CVE-2022-23648.patch
- Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814
  bsc#1193273 CVE-2021-41190
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.

Package coreutils was updated:

- coreutils-df-fuse-portal-dummy.patch:
  df: Add &quot;fuse.portal&quot; as a dummy file system (used in flatpak
  implementations). (bsc#1189152)

Package cups was updated:

- cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691
  cups: authentication bypass and code execution (bsc#1199474)
- SUSE_bsc_1189517.patch is
  https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79
  which belongs to https://github.com/apple/cups/issues/5288
  that fixes bsc#1189517
  &quot;cups printservice takes much longer than before
  with a big number of printers&quot;
  see in particular
  https://github.com/apple/cups/issues/5288#issuecomment-921626381
- SUSE_bsc_1195115.patch is
  https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44
  which belongs to https://github.com/apple/cups/issues/5538
  that fixes bsc#1195115
  &quot;CUPS PreserveJobHistory doesn't work with seconds&quot;

Package curl was updated:

- Security fix: [bsc#1200735, CVE-2022-32206]
  * HTTP compression denial of service
  * Add curl-CVE-2022-32206.patch
- Security fix: [bsc#1200737, CVE-2022-32208]
  * FTP-KRB bad message verification
  * Add curl-CVE-2022-32208.patch
- Security fix: [bsc#1199223, CVE-2022-27781]
  * CERTINFO never-ending busy-loop
  * Add curl-CVE-2022-27781.patch
- Security fix: [bsc#1199224, CVE-2022-27782]
  * TLS and SSH connection too eager reuse
  * Add curl-CVE-2022-27782.patch
- Security fix: [bsc#1198766, CVE-2022-27776]
  * Auth/cookie leak on redirect
  * Add backported curl-CVE-2022-27776.patch
- Security fix: [bsc#1198723, CVE-2022-27775]
  * Bad local IPv6 connection reuse
  * Add backported curl-CVE-2022-27775.patch
- Security fix: [bsc#1198614, CVE-2022-22576]
  * OAUTH2 bearer bypass in connection re-use
  * Add backported curl-CVE-2022-22576.patch

Package cyrus-sasl was updated:

- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch

Package docker was updated:

- Update to Docker 20.10.17-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#201017&gt;. bsc#1200145
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
  bsc#1193930 bsc#1197284
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.14-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#201014&gt;. bsc#1197517
  CVE-2022-24769
- Update to Docker 20.10.12-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#201012&gt;.
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
  changelogs are currently only available online.
- Update to Docker 20.10.11-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#201011&gt;. bsc#1192814
  bsc#1193273 CVE-2021-41190
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Remove upstreamed patches:
  - 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Update to Docker 20.10.9-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#20109&gt;. bsc#1191355
  CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
  CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
- Update to Docker 20.10.6-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#20106&gt;. bsc#1184768
- Update to Docker 20.10.5-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#20105&gt;. bsc#1182947

Package dracut was updated:

- Update to version 049.1+suse.234.g902e489c:
  * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- Update to version 049.1+suse.232.g2ccee559:
  * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
  * fix(dracut-functions.sh): ip route parsing (bsc#1195011)
- Update to version 049.1+suse.228.g07676562:
  * fix(network): consistent use of &quot;$gw&quot; for gateway (bsc#1192685)
  * fix(install): handle builtin modules (bsc#1194716)

Package e2fsprogs was updated:

- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
  sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
  for libreadline.so.7 for Leap 15.3 (bsc#1196939)

Package expat was updated:

- Security fixes:
  * (CVE-2022-25236, bsc#1196784) [&gt;=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml,
    openleadr-python, rnv, xmltodict
  - Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
    attackers to insert namespace-separator characters into
    namespace URIs
  - Added expat-CVE-2022-25236.patch
  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
    2.4.5 does not check whether a UTF-8 character is valid in a
    certain context.
  - Added expat-CVE-2022-25235.patch
  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
    build_model() via uncontrolled recursion
  - Added expat-CVE-2022-25313.patch
  - The fix upstream introduced a regression that was later
    amended in 2.4.6 version
    + Added expat-CVE-2022-25313-fix-regression.patch
  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
  - Added expat-CVE-2022-25314.patch
  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
  - Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
  * Expat (aka libexpat) before 2.4.4 has a signed integer overflow
    in XML_GetBuffer, for configurations with a nonzero
    XML_CONTEXT_BYTES
  * Add tests for CVE-2022-23852.
  * Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
  * Fix unsigned integer overflow in function doProlog triggered
    by large content in element type declarations when there is
    an element declaration handler present (from a prior call to
    XML_SetElementDeclHandler).
  * Add expat-CVE-2022-23990.patch
  * Added expat-CVE-2022-22827.patch

Package filesystem was updated:

Package gcc11 was updated:

- Update to the GCC 11.3.0 release.
  * includes SLS hardening backport on x86_64.  [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
  * includes gcc11-pr104931.patch
  * includes fix for Firefox ICE  [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
  for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
  * includes change to adjust gnats idea of the target, fixing
    the build of gprbuild.  [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
  in 0ad on i586.  [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstdc++6 package to keep those
  at the same version.  [bsc#1196107]
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
  * Fix D memory corruption in -M output.
  * Fix ICE in is_this_parameter with coroutines.  [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
  * fixes issue with debug dumping together with -o /dev/null
  * fixes libgccjit issue showing up in emacs build  [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
  cross-riscv64-gcc11 now provide a fully hosted C (and C++)
  cross compiler, not just a freestanding one.  I.e. with a cross
  glibc.  They don't yet support the sanitizer libraries.
  Part of [jsc#OBS-124].

Package glib2 was updated:

- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
  with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).

Package glibc was updated:

- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
  stalls (bsc#1195560, BZ #23844)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
  for &quot;unix&quot; (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
  (CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
  (CVE-2021-3999, bsc#1194640, BZ #28769)
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
  a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)

Package gnutls was updated:

- Security fix: [bsc#1196167, CVE-2021-4209]
  * Null pointer dereference in MD_UPDATE
  * Add gnutls-CVE-2021-4209.patch

Package google-guest-agent was updated:

- Update to version 20220204.00 (bsc#1195437, bsc#1195438)
  * remove han from owners (#154)
  * Remove extra slash from metadata URL. (#151)
- from version 20220104.00
  * List IPv6 routes (#150)
- from version 20211228.00
  * add add or remove route integration test, utils (#147)
- from version 20211214.00
  * add malformed ssh key unit test  (#142)
- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
  * dont duplicate logs (#146)
  * Add WantedBy network dependencies to google-guest-agent service (#136)
  * dont try dhcpv6 when not needed (#145)
  * Integration tests: instance setup (#143)
  * Integration test: test create and remove google user (#128)
  * handle comm errors in script runner (#140)
  * enforce script ordering (#138)
  * enable ipv6 on secondary interfaces (#133)
- from version 20211103.00
  * Integration tests: instance setup (#143)
- from version 20211027.00
  * Integration test: test create and remove google user (#128)
- Update to version 20211019.00
  * handle comm errors in script runner (#140)
- from version 20211015.00
  * enforce script ordering (#138)
- from version 20211014.00
  * enable ipv6 on secondary interfaces (#133)
- from version 20211013.00
  * dont open ssh tempfile exclusively (#137)
- from version 20211011.00
  * correct linux startup script order (#135)
  * Emit sshable attribute (#123)
- from version 20210908.1
  * restore line (#127)
- from version 20210908.00
  * New integ test (#124)
- from version 20210901.00
  * support enable-oslogin-sk key (#120)
  * match script logging to guest agent (#125)
- from version 20210804.00
  * Debug logging (#122)
- Refresh patches for new version
  * dont_overwrite_ifcfg.patch
- Build with go1.15 for reproducible build results (boo#1102408)
- Update to version 20210707.00
  * Use IP address for calling the metadata server. (#116)
- from version 20210629.00
  * use IP for MDS (#115)
- Update to version 20210603.00
  * systemd-notify in agentInit (#113)
  * dont check status (#112)
- from version 20210524.00
  * more granular service restarts (#111)
- from version 20210414.00
  * (no functional changes)

Package google-guest-configs was updated:

- Update to version 20220211.00 (bsc#1195437, bsc#1195438)
  * Set NVMe-PD IO timeout to 4294967295. (#32)
- Add missing pkg-config dependency to BuildRequires for SLE-12
- Install modprobe configuration files into /etc again on SLE-15-SP2 and
  older since that's still the default location on these distributions
- Probe udev directory using the &quot;udevdir&quot; pkg-config variable on SLE-15-SP2
  and older since the variable got renamed to &quot;udev_dir&quot; in later versions
- Remove redundant pkgconfig(udev) from BuildRequires for SLE-12
- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
  * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field
    only looks for the last digit of the given string causing issues when there
    are &gt;= 10 local SSDs. Changed REGEX to get the last number of the string
    instead to support the up to 24 local SSDs. (#30)
  * chmod+x google_nvme_id on EL (#31)
- Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue
- Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653)
- Update to version 20210916.00
  * Revert &quot;dont set IP in etc/hosts; remove rsyslog (#26)&quot; (#28)
- from version 20210831.00
  * restore rsyslog (#27)
- from version 20210830.00
  * Fix NVMe partition names (#25)
- from version 20210824.00
  * dont set IP in etc/hosts; remove rsyslog (#26)
  * update OWNERS
- Use %_modprobedir for modprobe.d files (out of /etc)
- Use %_sysctldir for sysctl.d files (out of /etc)
- Update to version 20210702.00
  * use grep for hostname check (#23)
- from version 20210629.00
  * address set_hostname vuln (#22)
- from version 20210324.00
  * dracut.conf wants spaces around values (#19)

Package google-guest-oslogin was updated:

- Update to version 20220205.00 (bsc#1195437, bsc#1195438)
  * Fix build for EL9. (#82)
- from version 20211213.00
  * Reauth error (#81)
- Rename Source0 field to Source
- Update URL in Source field to point to upstream tarball
- Update to version 20211013.00 (bsc#1193257, bsc#1193258)
  * remove deprecated binary (#79)
- from version 20211001.00
  * no message if no groups (#78)
- from version 20210907.00
  * use sigaction for signals (#76)
- from version 20210906.00
  * include cstdlib for exit (#75)
  * catch SIGPIPE in authorized_keys (#73)
- from version 20210805.00
  * fix double free in ParseJsonToKey (#70)
- from version 20210804.00
  * fix packaging for authorized_keys_sk (#68)
  * add authorized_keys_sk (#66)
- Add google_authorized_keys_sk to %files section
- Remove google_oslogin_control from %files section

Package google-osconfig-agent was updated:

- Update to version 20220209.00 (bsc#1195437, bsc#1195438)
  * Update licences, remove deprecated centos-8 tests (#414)
- Update to version 20220204.00
  * Add DisableLocalLogging option (#413)
- from version 20220107.00
  * OS assignment example: Copy file from bucket
- Update to version 20211117.00 (bsc#1193257, bsc#1193258)
  * Add retry logic for RegisterAgent (#404)
- from version 20211111.01
  * e2e_test: drop ubuntu 1604 image as its EOL (#403)
- from version 20211111.00
  * e2e_test: move to V1 api for OSPolicies (#397)
- from version 20211102.00
  * Fix context logging and fix label names (#400)
- from version 20211028.00
  * Add cloudops example for gcloud (#399)
- Update to version 20211021.00
  * Added patch report logging for Zypper. (#395)
- from version 20211012.00
  * Replace deprecated instance filters with the new filters (#394)
- from version 20211006.00
  * Added patch report log messages for Yum and Apt (#392)
- from version 20210930.00
  * Config: Add package info caching (#391)
- from version 20210928.00
  * Fixed the runWithPty function to set ctty to child's filedesc (#389)
- from version 20210927.00
  * e2e_tests: fix a test output mismatch (#390)
- from version 20210924.00
  * Fix some e2e test failures (#388)
- from version 20210923.02
  * Correctly check for folder existence in package upgrade (#387)
- from version 20210923.01
  * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386)
- from version 20210923.00
  * Deprecate old config directory in favor of new cache directory (#385)
- from version 20210922.02
  * Fix rpm/deb package formatting for inventory reporting (#384)
- from version 20210922.01
  * Add centos stream rocky linux and available package tests (#383)
- from version 20210922.00
  * Add more info logs, actually cleanup unmanaged repos (#382)
- from version 20210901.00
  * Add E2E tests for Windows Application (#379)
  * Return lower-case package name (#377)
  * Update Terraform scripts for multi-project deployments tutorial. (#378)
- from version 20210811.00
  * Support Windows Application Inventory (#371)
- from version 20210723.00
  * Send basic inventory with RegisterAgent (#373)
- from version 20210722.1
  * e2e_tests: move to manually generated osconfig library (#372)
- from version 20210722.00
  * Create OWNERS file for examples directory (#368)
- from version 20210719.00
  * Update Zypper patch info parsing (#370)
- Build with go1.15 for reproducible build results (boo#1102408)
- Update to version 20210712.1
  * Skip getting patch info when no patches are found. (#369)
- from version 20210712.00
  * Add Terraform scripts for multi-project deployments (#367)
- from version 20210709.00
  * Add examples/Terraform directory. (#366)
- from version 20210707.00
  * Fix bug in printing packages to update,
    return error for zypper patch (#365)
- from version 20210629.00
  * Add CloudOps examples for CentOS (#364)
- Update to version 20210621.00
  * chore: Fixing a comment. (#363)
- from version 20210617.00
  * Use exec.CommandContext so that canceling the context also
    kills any running processes (#362)
- from version 20210608.1
  * e2e_tests: point to official osconfig client library (#359)
- from version 20210608.00
  * e2e_tests: deflake tests (#358)
- from version 20210607.00
  * Fix build on some architectures (#357)
- from version 20210603.00
  * Create win-validation-powershell.yaml (#356)
- from version 20210602.00
  * Agent efficiency improvements/bugfixes/logging updates (#355)
  * e2e_tests: add tests for ExecResource output (#354)
- from version 20210525.00
  * Run fieldalignment on all structs (#353)
- from version 20210521.00
  * Config Task: add error message and ExecResource output recording (#350)
  * e2e_tests: remove Windows server 1909 and add server 20h2 (#352)
  * Added a method for logging structured data (#349)

Package grep was updated:

Package grub2 was updated:

- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
  * 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
  * 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
  * 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
  * 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
  * 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
  * 0010-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
  * 0011-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0012-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0013-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0014-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0015-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0016-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0017-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0018-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0019-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0020-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0021-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0022-net-ip-Do-IP-fragment-maths-safely.patch
  * 0023-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0024-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0025-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0026-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0027-net-tftp-Avoid-a-trivial-UAF.patch
  * 0028-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0029-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0030-net-http-Error-out-on-headers-with-LF-without-CR.patch
  * 0031-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
  * 0032-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
  * 0033-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
  * 0034-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
  * 0035-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
  * 0036-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
  * 0037-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
  0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
  the root LV is completely in the boot LUN (bsc#1197948)
  * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
- Fix grub-install error when efi system partition is created as mdadm software
  raid1 device (bsc#1179981) (bsc#1195204)
  * 0001-install-fix-software-raid1-on-esp.patch
- Fix error in grub-install when linux root device is on lvm thin volume
  (bsc#1192622) (bsc#1191974)
  * 0001-grub-install-bailout-root-device-probing.patch
- Fix error not a btrfs filesystem on s390x (bsc#1187645)
  * 80_suse_btrfs_snapshot
- Add support for simplefb (boo#1193532).
  * grub2-simplefb.patch

Package gzip was updated:

- Add support to zstd in zgrep, fixes bsc#1198922
  * xz_lzma.patch -&gt; xz_lzma_zstd.patch
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
  * bsc1198062.patch
  * bsc1198062-2.patch

Package kernel-default was updated:

- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 307fbca
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 1765272
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit d929744
- x86/common: Stamp out the stepping madness (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 2c755e4
- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 9a79f2f
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 0b69b8a
- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 07ac9e9
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 1e6246d
- KVM: VMX: Convert launched argument to flags (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit c6cb889
- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 7be7aa8
- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit fa67a49
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 65ae6ff
- x86/speculation: Use cached host SPEC_CTRL value for guest
  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f9804f2
- x86/speculation: Fix SPEC_CTRL write on SMT state change
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 5f2a343
- x86/speculation: Fix firmware entry SPEC_CTRL handling
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f2239f3
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 947cd5f
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 1a61b75
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 0cc24ff
- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 006e283
- intel_idle: Disable IBRS during long idle (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit be76ad2
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit f305bb6
- x86/bugs: Split spectre_v2_select_mitigation() and
  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ea9c198
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f446cce
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit c6d4bce
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 177b58c
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 09deb3c
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit f81a4dd
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit d01bb91
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 0f3415d
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit c07f56b
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ca39a43
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 10587ca
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 5767b0f
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 720497e
- x86/bpf: Use alternative RET encoding (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 2b357b7
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 83262bf
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 15c2b41
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 115e0f2
- crypto: x86/poly1305 - Fixup SLS (bsc#1201050 CVE-2021-26341).
- commit 2d201f6
- x86: Add straight-line-speculation mitigation (bsc#1201050
  CVE-2021-26341).
- Update config files.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit 928abdb
- x86: Prepare inline-asm for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit 5a87fe7
- x86: Prepare asm files for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit cbb5495
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
  CVE-2021-26341).
- commit 2201ded
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
  (bsc#1201050 CVE-2021-26341).
- commit beba436
- bcache: avoid unnecessary soft lockup in kworker
  update_writeback_rate() (bsc#1197362).
- commit 23f1946
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
  bsc#1200599).
- commit b1e8eec
- sctp: use call_rcu to free endpoint (CVE-2022-20154
  bsc#1200599).
- commit 44ec44b
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- commit e96d754
- blk-mq: clear active_queues before clearing
  BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- commit d497e61
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
  Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
  universally for now) added two new compiler-dependent configs:
  * CC_NO_ARRAY_BOUNDS
  * GCC12_NO_ARRAY_BOUNDS
  Ignore them -- they are unset by dummy tools (they depend on gcc version
  == 12), but set as needed during real compilation.
- commit a14607c
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
  bsc#1199487).
- commit 1ae14c9
- Update patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch
  (git-fixes CVE-2021-4157 bnc#1194013).
- commit fccebe3
- exec: Force single empty string when argv is empty
  (bsc#1200571).
- commit dffa04e
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
  bsc#1200619).
- HID: bigbenff: prevent null pointer dereference (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
  (CVE-2022-20132 bsc#1200619).
- commit f2f08be
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- commit f8ff78e
- HID: check for valid USB device for many HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (CVE-2022-20132 bsc#1200619).
- commit 3fe30db
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
  CVE-2022-20141).
- commit 34bf464
- kernel-binary.spec: check s390x vmlinux location
  As a side effect of mainline commit edd4a8667355 (&quot;s390/boot: get rid of
  startup archive&quot;), vmlinux on s390x moved from &quot;compressed&quot; subdirectory
  directly into arch/s390/boot. As the specfile is shared among branches,
  check both locations and let objcopy use one that exists.
- commit cd15543
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- blk-mq: Fix wrong wakeup batch configuration which will cause
  hang (bsc#1200263).
- commit 94fe3d6
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- commit 6b5ea17
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit f9d0532
- add mainline tag for a pci-hyperv change
- commit 32deed8
- netfilter: nf_tables: disallow non-stateful expression in sets
  earlier (CVE-2022-1966 bsc#1200015).
- commit 41de480
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 9d94c81
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (CVE-2022-1975 bsc#1200143).
- commit bcae1e0
- nfc: replace improper check device_is_registered() in netlink
  related functions (CVE-2022-1974 bsc#1200144).
- Refresh
  patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch.
- commit 8ab4a08
- certs: Add EFI_CERT_X509_GUID support for dbx entries
  (bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 6bf28b7
- Refresh
  patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch.
  In this case, we can not simply use __GENKSYMS__ to wrap new
  LOCKDOWN_DBG_WRITE/READ_KERNEL fields in enum lockdown_reason
  struct. So let's remove __GENKSYMS__ and add a kabi workaround
  patch. (bsc#1199426 CVE-2022-21499)
- commit 88eddb5
- lockdown: kABI workaround for lockdown_reason changes
  (bsc#1199426, CVE-2022-21499).
- commit fe7a29a
- btrfs: extent-tree: kill the BUG_ON() in
  insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 31a8792
- btrfs: extent-tree: kill BUG_ON() in  __btrfs_free_extent()
  (CVE-2019-19377 bsc#1158266).
- commit 75b17c1
- sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895).
- commit b949091
- KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 5a5e587
- lockdown: also lock down previous kgdb use (bsc#1199426
  CVE-2022-21499).
- commit 090b59e
- kernel-binary.spec: Support radio selection for debuginfo.
  To disable debuginfo on 5.18 kernel a radio selection needs to be
  switched to a different selection. This requires disabling the currently
  active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- perf: Fix sys_perf_event_open() race against self
  (CVE-2022-1729, bsc#1199507).
- commit feaf8f1
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 26884d9
- ext4: avoid cycles in directory h-tree (bsc#1198577
  CVE-2022-1184).
- commit b98a7a0
- ext4: verify dir block before splitting it (bsc#1198577
  CVE-2022-1184).
- commit 1b10a51
- x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit d537aef
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit b3703f5
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 66ff392
- x86/bugs: Group MDS, TAA &amp; Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 155be7c
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f3a7e3f
- x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit a863a71
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 70a86e2
- ping: fix the sk_bound_dev_if match in ping_lookup
  (bsc#1199918).
- commit 6a58950
- kABI: Fix kABI after CVE-2022-0171 backport (CVE-2022-0171
  bsc#1199509).
- commit da4b250
- KVM: SEV: add cache flush to solve SEV cache incoherency issues
  (CVE-2022-0171 bsc#1199509).
- commit b851a8d
- ping: remove pr_err from ping_lookup (bsc#1199918).
- commit db3c60d
- patches.suse/ping-fix-the-dif-and-sdif-check-in-ping_lookup.patch:
  (bsc#1199918).
- commit f3f3a96
- floppy: use a statically allocated error counter (bsc#1199063
  CVE-2022-1652).
- commit 3cde83e
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
  bsc#1199605 git-fixes).
- commit 4841312
- NFS: limit use of ACCESS cache for negative responses
  (bsc#1196570).
- Refresh
  patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch.
- commit d1ca538
- Update
  patches.suse/sctp-delay-auto_asconf-init-until-binding-the-first-.patch
  headers (CVE-2021-23133 bsc#1184675).
  Remove unwanted patch headers which have hidden intended CVE and bugzilla
  references (shown above) when the patch was added. The primary purpose of
  this commit is to get the CVE/bugzilla references to git and rpm changelog.
- commit 33c2a2f
- Fix build warning
  Refreshed:
  patches.suse/PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch
- commit ba12cc4
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit fd4d93d
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
  file (bsc#1195612 CVE-2022-24448).
- commit db3a8ef
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit bdb23bb
- series.conf: cleanup
  - Move submitted patch to &quot;sorted&quot; section
    patches.suse/0001-SUNRPC-change-locking-for-xs_swap_enable-disable.patch
- commit cacd83b
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 5256a40
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 3989909
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
  (bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
  (bsc#1196426 CVE-2021-33061).
- commit c5d1777
- net: mana: Remove unnecessary check of cqe_type in
  mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
  mana_gd_create_dma_region() (bsc#1195651).
- commit 9f064ea
- net/x25: Fix null-ptr-deref caused by x25_disconnect
  (CVE-2022-1516 bsc#1199012).
- commit bd2f1ec
- net: ena: Extract recurring driver reset code into a function
  (bsc#1198778).
- net: ena: Change the name of bad_csum variable (bsc#1198778).
- net: ena: Add debug prints for invalid req_id resets
  (bsc#1198778).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
- net: ena: Move reset completion print to the reset function
  (bsc#1198778).
- net: ena: Remove redundant return code check (bsc#1198778).
- net: ena: Change ENI stats support check to use capabilities
  field (bsc#1198778).
- net: ena: Add capabilities field with support for ENI stats
  capability (bsc#1198778).
- net: ena: Change return value of ena_calc_io_queue_size()
  to void (bsc#1198778).
- net: ena: Fix error handling when calculating max IO queues
  number (bsc#1198778).
- net: ena: Fix wrong rx request id by resetting device
  (bsc#1198778).
- net: ena: Fix undefined state when tx request id is out of
  bounds (bsc#1198778).
- ena: Remove rcu_read_lock() around XDP program invocation
  (bsc#1198778).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
- net: ena: re-organize code to improve readability (bsc#1198778).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
- net: ena: aggregate doorbell common operations into a function
  (bsc#1198778).
- net: ena: Remove module param and change message severity
  (bsc#1198778).
- net: ena: add jiffies of last napi call to stats (bsc#1198778).
- net: ena: use build_skb() in RX path (bsc#1198778).
- net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: Remove unused code (bsc#1198778).
- net: ena: optimize data access in fast-path code (bsc#1198778).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
- net: ena: remove extra words from comments (bsc#1198778).
- net: ena: fix inaccurate print type (bsc#1198778).
- ethernet: amazon: ena: A typo fix in the file ena_com.h
  (bsc#1198778).
- net: ena: Update XDP verdict upon failure (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
  (bsc#1198778).
- net: ena: use xdp_return_frame() to free xdp frames
  (bsc#1198778).
- net: ena: introduce XDP redirect implementation (bsc#1198778).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
- net: ena: aggregate stats increase into a function
  (bsc#1198778).
- net: ena: fix coding style nits (bsc#1198778).
- net: ena: store values in their appropriate variables types
  (bsc#1198778).
- net: ena: add device distinct log prefix to files (bsc#1198778).
- net: ena: use constant value for net_device allocation
  (bsc#1198778).
- commit f2320f9
- ovl: fix missing negative dentry check in ovl_rename()
  (CVE-2021-20321 bsc#1191647).
- commit 14422d8
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- commit 8562a15
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
  (bsc#1028340 bsc#1198825).
- commit f04215d
- pahole 1.22 required for full BTF features.
  also recommend pahole for kernel-source to make the kernel buildable
  with standard config
- commit 364f54b
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748).
  added CVE number
- commit dfbe27e
- use jobs not processors in the constraints
  jobs is the number of vcpus available to the build, while processors
  is the total processor count of the machine the VM is running on.
- commit a6e141d
- Update patch reference for drm fix (CVE-2022-1419 bsc#1198742)
- commit 5c0501b
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660).
- commit 0581a66
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
  (bsc#1065729 bsc#1198660 ltc#197803).
- commit 4723baf
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
  function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit 981f1ec
- SUNRPC: Ensure we flush any closed sockets before
  xs_xprt_free() (bsc#1198330 CVE-2022-28893).
- commit f607730
- Update patches.suse/cgroup-verify-that-source-is-a-string.patch
  (bsc#1190131 bsc#1193842 CVE-2021-4154).
- commit 0f6b5cd
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit c917eda
- Update patch reference for DRM fix (CVE-2021-20292 bsc#1183723)
- commit f6cdff5
- fuse: handle kABI change in struct fuse_req (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit 5920a58
- Update patch reference for NFS/RDMA fix (CVE-2022-0812 bsc#1196639)
- commit 7e276c6
- livepatch: Don't block removal of patches that are safe to
  unload (bsc#1071995).
- commit 768b9d1
- x86/speculation: Restore speculation related MSRs during S3
  resume (bsc#1198400).
- commit aece496
- x86/pm: Save the MSR validity status at context setup
  (bsc#1198400).
- commit 2364cfa
- direct-io: defer alignment check until after the EOF check
  (bsc#1197656).
- commit 90d08aa
- direct-io: don't force writeback for reads beyond EOF
  (bsc#1197656).
- commit f8a2691
- direct-io: clean up error paths of do_blockdev_direct_IO
  (bsc#1197656).
- commit 4781e89
- Update
  patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
  references (add CVE-2022-28356 bsc#1197391).
- commit bf5ad66
- cifs: fix bad fids sent over wire (bsc#1197157).
- commit 3e7e3c4
- drm: drm_file struct kABI compatibility workaround
  (bsc#1197914).
- commit dd24982
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
  (bsc#1197914).
- drm: add a locked version of drm_is_current_master
  (bsc#1197914).
- commit 82a498a
- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460)
- commit 8d52c36
- Reinstate some of &quot;swiotlb: rework &quot;fix info leak with
  DMA_FROM_DEVICE&quot;&quot; (CVE-2022-0854 bsc#1196823).
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854
  bsc#1196823).
- commit ff554b5
- netfilter: nf_tables: initialize registers in nft_do_chain()
  (CVE-2022-1016 bsc#1197227).
- commit 7111961
- Delete
  patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
  This was the original work-in-progress patch for CVE-2022-0435 /
  bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266
  (&quot;tipc: improve size validations for received domain records&quot;) was added as
  patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but
  this patch was left in place. As it adds the check a bit later than
  upstream fix, it did not cause a conflict so nobody noticed the duplicity.
- commit ef08708
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit 2237578
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
  in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28390 bsc#1198031).
- commit d6e6523
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit db7647d
- net: sched: fix use-after-free in tc_new_tfilter()
  (CVE-2022-1055 bsc#1197702).
- commit 4c7dc78
- Add CVE tags to
  patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch
  (bsc#1189562 bsc#1196761 CVE-2022-0850).
- commit f3cb08f
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
  parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- commit 73583c9
- esp: Fix possible buffer overflow in ESP transformation
  (bsc#1197131 CVE-2022-0886 CVE-2022-27666).
- commit 39a5891
- cifs: use the correct max-length for dentry_path_raw()
  (bsc1196196).
- commit 10cddb2
- quota: check block number when reading the block in quota file
  (bsc#1197366 CVE-2021-45868).
- commit a7d4915
- netfilter: conntrack: don't refresh sctp entries in closed state
  (bsc#1197389).
- commit c3afd15
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
  bsc#1197331).
- commit 12628f8
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit aee063f
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- macros.kernel-source: Fix conditional expansion.
  Fixes: bb95fef3cf19 (&quot;rpm: Use bash for %() expansion (jsc#SLE-18234).&quot;)
- commit 7e857f7
- rpm: Use bash for %() expansion (jsc#SLE-18234).
  Since 15.4 alternatives for /bin/sh are provided by packages
  &lt;something&gt;-sh. While the interpreter for the build script can be
  selected the interpreter for %() cannot.
  The kernel spec files use bashisms in %().
  While this could technically be fixed there is more serious underlying
  problem: neither bash nor any of the alternatives are 100% POSIX
  compliant nor bug-free.
  It is not my intent to maintain bug compatibility with any number of
  shells for shell scripts embedded in the kernel spec file. The spec file
  syntax is not documented so embedding the shell script in it causes some
  unspecified transformation to be applied to it. That means that
  ultimately any changes must be tested by building the kernel, n times if
  n shells are supported.
  To reduce maintenance effort require that bash is used for kernel build
  always.
- commit bb95fef
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
  (bsc#1196018).
- commit 1580ab2
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
  (bsc#1196018).
- commit 1cdc779
- rpm: Run external scriptlets on uninstall only when available
  (bsc#1196514 bsc#1196114 bsc#1196942).
  When dependency cycles are encountered package dependencies may not be
  fulfilled during zypper transaction at the time scriptlets are run.
  This is a problem for kernel scriptlets provided by suse-module-tools
  when migrating to a SLE release that provides these scriptlets only as
  part of LTSS. The suse-module-tools that provides kernel scriptlets may
  be removed early causing migration to fail.
- commit ab8dd2d
- sr9700: sanity check for packet length (bsc#1196836
  CVE-2022-26966).
- commit edaafdd
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- aio: fix use-after-free due to missing POLLFREE handling
  (CVE-2021-39698 bsc#1196956).
- aio: keep poll requests on waitqueue until completed
  (CVE-2021-39698 bsc#1196956).
- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- commit b026506
- rpm/kernel-source.spec.in: call fdupes per subpackage
  It is a waste of time to do a global fdupes when we have
  subpackages.
- commit 1da8439
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
  bsc#1193731).
- commit 7040fdd
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 8d867d6
- xen/netfront: react properly to failing
  gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
  CVE-2022-23042).
- commit fe0a923
- xen/gnttab: fix gnttab_end_foreign_access() without page
  specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 58c801b
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488,
  XSA-396, CVE-2022-23041).
- commit afb2dba
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
  CVE-2022-23041).
- commit cee63b9
- xen/usb: don't use gnttab_end_foreign_access() in
  xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit b1d434d
- xen/gntalloc: don't use gnttab_query_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23039).
- commit a4ec4aa
- xen/scsifront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit fd9cb30
- xen/netfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 4e33999
- xen/blkfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 4334af7
- xen/grant-table: add gnttab_try_end_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit 19b769a
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
  error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 5aacf1f
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- usb: host: xen-hcd: add missing unlock in error path
  (git-fixes).
- commit daa9ea7
- Refresh
  patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit d9066f6
- Refresh
  patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 5c41eb3
- rpm/kernel-docs.spec.in: use %%license for license declarations
  Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433
  ltc#196449).
- commit 9f96679
- Hand over the maintainership to SLE15-SP3 maintainers
- commit 0c92742
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
  (bnc#1195403).
- commit fffe0fc
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
  (CVE-2022-26490 bsc#1196830).
- commit fd10ace
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 1dafeb6
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 8c8ae13
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
  There is a check in OBS that fails when it is included. Also the key is
  not reproducible.
  Fixes: bb988d4625a3 (&quot;kernel-binary: Do not include sourcedir in certificate path.&quot;)
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- lib/iov_iter: initialize &quot;flags&quot; in new pipe_buffer
  (bsc#1196584).
- commit 4f3bbf5
- x86/speculation: Use generic retpoline by default on AMD
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
  ltc#196449).
- commit ec198ed
- gve: Recording rx queue before sending to napi (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer queue index check
  (jsc#SLE-23652).
- gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
- gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
- gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
  (jsc#SLE-23652).
- gve: remove memory barrier around seqno (jsc#SLE-23652).
- gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
- gve: Move the irq db indexes out of the ntfy block struct
  (jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652).
- gve: fix for null pointer dereference (jsc#SLE-23652).
- gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
- gve: Add a jumbo-frame device option (jsc#SLE-23652).
- gve: Implement packet continuation for RX (jsc#SLE-23652).
- gve: Add RX context (jsc#SLE-23652).
- gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
- commit e1a9cfc
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
  CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
  (bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- x86/speculation: Include unprivileged eBPF status in Spectre v2
  mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
  (CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- USB: gadget: validate interface OS descriptor requests
  (CVE-2022-25258 bsc#1196095).
- commit 4c69367
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 6aa037a
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
  bsc#1198484)
  Let's iron out the reduced initrd optimisation in Tumbleweed.
  Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- powerpc/pseries/ddw: Revert &quot;Extend upper limit for huge DMA
  window for persistent memory&quot; (bsc#1195995 ltc#196394).
- commit 7be7563
- f2fs: fix to do sanity check on inode type during garbage
  collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- tipc: improve size validations for received domain records
  (bsc#1195254, CVE-2022-0435).
- commit 48911da
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
  bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
  (CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev-&gt;buf (CVE-2022-24958
  bsc#1195905).
- commit 96dda76
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
  (bsc#1194516 CVE-2022-0487).
- commit f68f189
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed
  (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed
  (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed
  (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state
  (bsc#1192483).
- commit 4fab2c0
- kernel-binary: Do not include sourcedir in certificate path.
  The certs macro runs before build directory is set up so it creates the
  aggregate of supplied certificates in the source directory.
  Using this file directly as the certificate in kernel config works but
  embeds the source directory path in the kernel config.
  To avoid this symlink the certificate to the build directory and use
  relative path to refer to it.
  Also fabricate a certificate in the same location in build directory
  when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- KVM: s390: Return error on SIDA memop on normal guest
  (bsc#1195516 CVE-2022-0516).
- commit d46602b
- NFSv4: Handle case where the lookup of a directory fails
  (bsc#1195612 CVE-2022-24448).
- commit 1023a28
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit be8e591
- cgroup-v1: Require capabilities to set release_agent
  (bsc#1195543 CVE-2022-0492).
- commit 413d689
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
  callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- scsi: target: iscsi: Fix cmd abort fabric stop race
  (bsc#1195286).
- commit 79c1016
- Update kabi files.
- update from February 2022 maintenance update submission (commit 49453fa0b26b)
- commit 10d28a1
- kernel-obs-build: include 9p (boo#1195353)
  To be able to share files between host and the qemu vm of the build
  script, the 9p and 9p_virtio kernel modules need to be included in
  the initrd of kernel-obs-build.
- commit 0cfe67a
- video: hyperv_fb: Fix validation of screen resolution
  (git-fixes).
- commit fcb02f5
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 5e4e31e
- series.conf: sort
  Fix patch ordering in sorted section.
- commit f4bbbbf
- fix patches metadata
- fix Patch-mainline, mark partial backport, add a note to commit message
  - patches.suse/net-xdp-Introduce-xdp_init_buff-utility-routine.patch
  - patches.suse/net-xdp-Introduce-xdp_prepare_buff-utility-routine.patch
- commit c8555c7
- Update kabi files.
- update from out of order January 2022 maintenance update (commit 712a8e6dffc3)
- commit d4e500b
- update
- commit 8000467
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
  CVE-2021-45095).
- commit 98c27cb
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- Delete
  patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch.
  which caused a regression (bsc#1194048).
- fix patches.kabi/revert-xfrm-xfrm_state_mtu-should-return-at-least-1280.patch
  fixes the resulting KABI change
- Replace with an alternative fix for bsc#1185377
- commit ccdfbb9
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- SLE15-SP2 went to LTSS, hand over to L3
- commit 1e60178
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
  (CVE-2022-22942 bsc#1195065).
- commit b93c2a4
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- commit 92fcdfb
- bpf: Verifier, adjust_scalar_min_max_vals to always call
  update_reg_bounds() (bsc#1194227).
- commit bf95985
- net/packet: rx_owner_map depends on pg_vec (bsc#1195184
  CVE-2021-22600).
- commit ef975a8
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
  callback (bsc#1193864 CVE-2021-39657).
- commit a954734
- Update
  patches.suse/usb-gadget-configfs-Fix-use-after-free-issue-with-ud.patch
  (bsc#1193861 CVE-2021-39648).
  updated references for a CVE that became known after the fix
  had been applied for other reasons
- commit 2372cca
- net: mana: Add RX fencing (bsc#1193506).
- commit 86ca026
- net: mana: Add XDP support (bsc#1193506).
- commit 8a8d94e
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- commit 2ce60c3
- net, xdp: Introduce xdp_prepare_buff utility routine
  (bsc#1193506).
- commit f1f2607
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- commit d81f88a
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- commit 472ff50
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- commit ac668ff
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- commit 38bf9aa
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correct
  directory (bsc#1195051).
- commit c80b5de
- drm/i915: Flush TLBs before releasing backing store
  (CVE-2022-0330 bsc#1194880).
- commit 34a8919
- net: allow retransmitting a TCP packet if original is still
  in queue (bsc#1188605 bsc#1187428).
- commit 07dea3c
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
  Using the default path is broken since Linux 5.17
- commit 68b36f0
- fix rpm build warning
  tumbleweed rpm is adding these warnings to the log:
  It's not recommended to have unversioned Obsoletes: Obsoletes:      microcode_ctl
- commit 3ba8941
- build initrd without systemd
  This reduces the size of the initrd by over 25%, which
  improves startup time of the virtual machine by 0.5-0.6s on
  very fast machines, more on slower ones.
- commit ef4c569
- Revert &quot;net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)&quot;
  This reverts commit 3aa0c01fad38360cc9cd840d49bdfdc565e2e718.
  With the backport of the upstream fix for bsc#1183405 race, this workaround
  is no longer needed.
- commit e063337
- net: sched: add barrier to ensure correct ordering for lockless
  qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless
  qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
  (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
  (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc
  (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in
  qdisc_replace (bsc#1183405).
- net: sch_generic: avoid concurrent reset and enqueue op for
  lockless qdisc (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset()
  (bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times
  (bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- commit abc4d94

Package libpsl was updated:

- fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4
- added patches
  https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56
  + libpsl-fix-test-data.patch

Package libsolv was updated:

- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
  [bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
  vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
  (&quot;requires&quot; is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21

Package libtirpc was updated:

- fix memory leak in client protocol version 2 code (bsc#1193805)
  - update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch

Package libxml2 was updated:

- Security fix: [bsc#1199132, CVE-2022-29824]
  * Integer overflow leading to out-of-bounds write in buf.c
    (xmlBuf*) and tree.c (xmlBuffer*)
  * Add libxml2-CVE-2022-29824.patch
- Security fix: [bsc#1196490, CVE-2022-23308]
  * Use-after-free of ID and IDREF attributes.
  * Add libxml2-CVE-2022-23308.patch
  * Add libxml2-CVE-2021-3541.patch

Package libzypp was updated:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
  protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf&lt;&gt;patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where
  zypper unintentionally waits for appdata plugin scripts to
  complete.
- version 17.29.4 (22)
- Public header files on older distros must use c++11
  (bsc#1194597)
- Fix exception handling when reading or writing credentials
  (bsc#1194898)
- version 17.29.3 (22)
- Fix Legacy include (bsc#1194597)
- version 17.29.2 (22)
- Fix broken install path for parser compat headers (fixes #372,
  bsc#1194597)
- RepoManager: remember exec errors in exception history
  (bsc#1193007)
- version 17.29.1 (22)
- Use the default zypp.conf settings if no zypp.conf exists
  (bsc#1193488)
- Fix wrong encoding of iso: URL components (bsc#954813)
- Handle armv8l as armv7hl compatible userland.
- Introduce zypp-curl a sublibrary for CURL related code.
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set.
- Save all signatures associated with a public key in its
  PublicKeyData.
- version 17.29.0 (22)

Package lvm2 was updated:

- udev: create symlinks and watch even in suspended state (bsc#1195231)
  + bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch

Package mozilla-nss was updated:

- Mozilla NSS 3.68.3 (bsc#1197903)
  This release improves the stability of NSS when used in a multi-threaded
  environment. In particular, it fixes memory safety violations that
  can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
  We presume that with enough effort these memory safety violations are exploitable.
  * Remove token member from NSSSlot struct (bmo#1756271).
  * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
    (bmo#1755555).
  * Check return value of PK11Slot_GetNSSToken (bmo#1370866).

Package nfs-utils was updated:

- Add 0023-cache.c-removed-a-couple-warning.patch
  Fix compilation with new glibc (SLE15-SP4)
  (bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
  Ensure &quot;sloppy&quot; is added correctly for newer kernels.  Particularly
  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
  (boo#1197297)
- Add 0020-mountd-Initialize-logging-early.patch
  If an error or warning message is produced before
  closeall() is called, mountd gets confused and doesn't work.
  (bsc#1194661)

Package openldap2 was updated:

- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
  * 0242-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1191157 - Correct version specification in ppolicy to allow
  submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
  * 0239-ITS-9422-Update-for-TLS-v1.3.patch
  * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
  * 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
  some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their
  related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
  reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools

Package openssh was updated:

- Add openssh-do-not-send-empty-message.patch: Prevent empty
  messages from being sent. This avoids a superfluous new line
  (bsc#1192439).
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by
  Ali Abdallah.

Package openssl-1_1 was updated:

- Encrypt the sixteen bytes that were unencrypted in some circumstances
  on 32-bit x86 platforms.
  * [bsc#1201099, CVE-2022-2097]
  * added openssl-CVE-2022-2097.patch
- Added openssl-1_1-Fix-file-operations-in-c_rehash.patch
  * bsc#1200550
  * CVE-2022-2068
  * Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
  * Openssl failed tests because of expired certificates.
  * bsc#1185637
  * Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
  * Added: openssl-CVE-2022-1292.patch
  * properly sanitise shell metacharacters in c_rehash script.
- Security Fix: [bsc#1196877, CVE-2022-0778]
  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
  * PAC pointer authentication signs the return address against the
    value of the stack pointer, to prevent stack overrun exploits
    from corrupting the control flow. The Poly1305 armv8 code got
    this wrong, resulting in crashes on PAC capable hardware.
  * Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
  version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
  * Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
  * Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
    handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.

Package p11-kit was updated:

- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
  Added p11-kit-CVE-2020-29362.patch:

Package pam was updated:

- Do not include obsolete libselinux header files flask.h and
  av_permissions.h.
  [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch]
- Between allocating the variable &quot;ai&quot; and free'ing them, there are
  two &quot;return NO&quot; where we don't free this variable. This patch
  inserts freeaddrinfo() calls before the &quot;return NO;&quot;s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as &quot;/%{_sysconfdir}/pam.d&quot;
  The variable is needed by systemd and others.
  [bsc#1196093, macros.pam]

Package pcre was updated:

- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
  * bsc#1199232
  * CVE-2022-1586
  * Fixes unicode property matching issue

Package pcre2 was updated:

- Added pcre2-10.31-bsc1199232-unicode-property-matching.patch
  * bsc#1199232 / CVE-2022-1586
  * Fixes unicode property matching issue

Package perl was updated:

- Stabilize Socket::VERSION comparisons [bnc#1193489]
  new patch: perl-Stabilize-Socket-VERSION-comparisons.patch

Package procps was updated:

- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
  ignore SIGURG

Package protobuf was updated:

- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
  bsc#1195258
  * Add protobuf-CVE-2021-22570.patch

Package python3 was updated:

- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Rename support-expat-245.patch to
  support-expat-CVE-2022-25236-patched.patch to unify the patch
  with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
  * Support Expat &gt;= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
  OpenSSL (bpo#9425).
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
  OpenSSL (bpo#9425).
- Don't use OpenSSL 1.1 on platforms which don't have it.
- Remove shebangs from python-base libraries in _libdir
  (bsc#1193179, bsc#1192249).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch
- build against openssl 1.1 as it is incompatible with openssl 3.0+
  (bsc#1190566)
- 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore
  permission error when changing the mtime of the source file in presence
  of SOURCE_DATE_EPOCH
  - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch and
  CRLF_injection_via_host_part.patch.

Package rsyslog was updated:

- Remove inotify watch descriptor in imfile on inode change detected
  (bsc#1198939)
  * add 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
  syslog reception (bsc#1199061)
  * add CVE-2022-24903.patch
- add service dependencies for remote logging (bsc#1194669)
- update config example in remote.conf to match upstream documentation

Package ruby2 was updated:

- Update suse.patch:
  - backport fix for CVE-2022-28739: ruby: Buffer overrun in
    String-to-Float conversion (boo#1198441)
  - back port date 2.0.3 CVE-2021-41817 (boo#1193035)
  - merge the previous bug fixes into suse.patch
  - CVE-2021-32066.patch
  - CVE-2021-31810.patch
  - CVE-2021-31799.patch
- Add Requires to make and gcc to ruby-devel to make the default
  extconf.rb work

Package runc was updated:

- Update to runc v1.1.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.3.
  (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return `-EPERM` despite the existence of the `-ENOSYS` stub
    code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Backport &lt;https://github.com/opencontainers/runc/pull/3474&gt; to fix issues
  with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
  that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
  + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
- Update to runc v1.1.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.2.
  CVE-2022-29162 bsc#1199460
  * A bug was found in runc where runc exec --cap executed processes with
    non-empty inheritable Linux process capabilities, creating an atypical Linux
    environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
    CVE-2022-29162. bsc#1199460
  * `runc spec` no longer sets any inheritable capabilities in the created
    example OCI spec (`config.json`) file.
- Update to runc v1.1.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.1.
  * runc run/start can now run a container with read-only /dev in OCI spec,
    rather than error out. (#3355)
  * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
    libcontainer systemd v2 manager no longer errors out if one of the files
    listed in /sys/kernel/cgroup/delegate do not exist in container's
    cgroup. (#3387, #3404)
  * Loosen OCI spec validation to avoid bogus &quot;Intel RDT is not supported&quot;
    error. (#3406)
  * libcontainer/cgroups no longer panics in cgroup v1 managers if stat
    of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
- Update to runc v1.1.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0.
  - libcontainer will now refuse to build without the nsenter package being
    correctly compiled (specifically this requires CGO to be enabled). This
    should avoid folks accidentally creating broken runc binaries (and
    incorrectly importing our internal libraries into their projects). (#3331)
- Update to runc v1.1.0~rc1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
  + Add support for RDMA cgroup added in Linux 4.11.
  * runc exec now produces exit code of 255 when the exec failed.
    This may help in distinguishing between runc exec failures
    (such as invalid options, non-running container or non-existent
    binary etc.) and failures of the command being executed.
  + runc run: new --keep option to skip removal exited containers artefacts.
    This might be useful to check the state (e.g. of cgroup controllers) after
    the container has exited.
  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
    (the latter is just an alias for SCMP_ACT_KILL).
  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
    users to create sophisticated seccomp filters where syscalls can be
    efficiently emulated by privileged processes on the host.
  + checkpoint/restore: add an option (--lsm-mount-context) to set
    a different LSM mount context on restore.
  + intelrdt: support ClosID parameter.
  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
    to use for the process being executed.
  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
    run/exec now adds the container to the appropriate cgroup under it).
  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
    behaviour.
  + mounts: add support for bind-mounts which are inaccessible after switching
    the user namespace. Note that this does not permit the container any
    additional access to the host filesystem, it simply allows containers to
    have bind-mounts configured for paths the user can access but have
    restrictive access control settings for other users.
  + Add support for recursive mount attributes using mount_setattr(2). These
    have the same names as the proposed mount(8) options -- just prepend r
    to the option name (such as rro).
  + Add runc features subcommand to allow runc users to detect what features
    runc has been built with. This includes critical information such as
    supported mount flags, hook names, and so on. Note that the output of this
    command is subject to change and will not be considered stable until runc
    1.2 at the earliest. The runtime-spec specification for this feature is
    being developed in opencontainers/runtime-spec#1130.
  * system: improve performance of /proc/$pid/stat parsing.
  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
    the ownership of certain cgroup control files (as per
    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
    process.
  * runc checkpoint/restore: fixed for containers with an external bind mount
    which destination is a symlink.
  * cgroup: improve openat2 handling for cgroup directory handle hardening.
    runc delete -f now succeeds (rather than timing out) on a paused
    container.
  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
    exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
  the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.
  bsc#1193436

Package samba was updated:

- Adjust systemd tmpfiles.d configuration, use /run/samba instead of
  /var/run/samba; (bsc#1134046);
- CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
  module; (bsc#1194859); (bso#14914).

Package sudo was updated:

- Add support in the LDAP filter for negated users, patch taken
  from upstream (jsc#20068)
  * Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
  to run commands as that user (bsc#1181703, jsc#SLE-22569)
  * feature-upstream-restrict-sudo-U-other-l.patch

Package supportutils was updated:

- Spec file adjusted for usr-merge
- Changes to version 3.1.20
  + Added command blkid #114
  + Added s390x specific files and output #115
  + Fix for invalid argument during updates (bsc#1193204)
  + Optimized conf_files, conf_files_text and log_cmd functions #118
  + Fixed iscsi initiator name (bsc#1195797)
  + Added rpcinfo -p output #116
  + Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
  + Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
  + Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
  + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
  + Include 'multipath -t' output in mpio.txt #105
  + Improved lsblk readability with --ascsi #106
  + Removed duplicate commands in network.txt
  + Remove duplicate firewalld status output #109

Package supportutils-plugin-suse-public-cloud was updated:

- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
  + Include cloud-init logs whenever they are present
  + Update the packages we track in AWS, Azure, and Google
  + Include the ecs logs for AWS ECS instances

Package suse-build-key was updated:

- still ship the old ptf key (was not added to documentation by mistake).
  (bsc#1198504)
- No longer install 1024bit keys by default. (bsc#1197293)
  - SLE11 key moved to documentation
  - old PTF (pre March 2022) moved to documentation only
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Container signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)

Package systemd was updated:

- Import commit 5e7db68eb43ec3733c56e98262973431f57e2265
  4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
- Import commit c46bcb2df93c802f43e240ceb96eaf28027808a8
  28e379cc21 systemctl: exit with 1 if no unit files found (bsc#1193841)
* 60-io-scheduler.rules: add rules for virtual devices
    (boo#1193759)
  * 60-io-scheduler.rules: enforce &quot;none&quot; for loop devices
    (boo#1193759)

Package systemd-presets-branding-SLE was updated:

Package systemd-presets-common-SUSE was updated:

Package tar was updated:

- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
  'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
  (%check): Output the testsuite.log in case the testsuite failed.
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  * bsc#1181131, CVE-2021-20193
  * bsc#1120610
- GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges
- GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed
    member ordering
  * Fix extraction of a symbolic link hardlinked to another
    symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file
    list files
- remove deprecated texinfo packaging macros
- prepare usrmerge (boo#1029961)
- Drop Requires(pre) info in the preamble: the main package does
  not contain any info files, and has not even a pre script. The
  - doc subpackage already has the correct deps.
- No longer recommend -lang: supplements are in use.
- update to version 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
  tar-1.31-racy_compress_tests.patch that are no longer needed
  (applied upstream)
- Remove libattr-devel from buildrequires, tar no longer uses
  it but finds xattr functions in libc.
- update to version 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced
    with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression
    program. When listing, extracting and comparing, zstd compressed
    archives are recognized automatically. When '-a' option is in
    effect, zstd compression is selected if the destination archive
    name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the
    command line. Names of members to extract can be specified along
    with the &amp;quot;/-K NAME&amp;quot;/ option. In this case, tar will extract NAME
    and those of named members that appear in the archive after it,
    which is consistent with the semantics of the option. Previous
    versions of tar extracted NAME, those of named members that
    appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse
    option, previous versions of tar would loop endlessly if a
    sparse file had been truncated while being archived.
- remove the following patches (upstreamed)
  * tar-1.30-tests-difflink.patch
  * tar-1.30-tests_dirrem_race.patch
- refresh add_readme-tests.patch
- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem
  tests
- add tar-1.31-racy_compress_tests.patch to fix compression tests

Package tcpdump was updated:

- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch

Package timezone was updated:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

Package update-alternatives was updated:

- break bash &lt;-&gt; update-alternatives cycle by coolo's rewrite
  of %post in lua [bsc#1195654]

Package util-linux was updated:

- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix &quot;su -s&quot; bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).

Package util-linux-systemd was updated:

- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix &quot;su -s&quot; bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).

Package vim was updated:

- Deleted patches:
  * restrict-shell-commands.patch
  * source-check-sandbox.patch
  * vim-8.0.1568-CVE-2021-3778.patch
  * vim-8.0.1568-CVE-2021-3796.patch
  * vim-8.0.1568-CVE-2021-3872.patch
  * vim-8.0.1568-CVE-2021-3927.patch
  * vim-8.0.1568-CVE-2021-3928.patch
  * vim-8.0.1568-CVE-2021-3984.patch
  * vim-8.0.1568-CVE-2021-4019.patch
  * vim-8.0.1568-CVE-2021-4193.patch
  * vim-8.0.1568-CVE-2021-46059.patch
  * vim-8.0.1568-CVE-2022-0319.patch
  * vim-8.0.1568-CVE-2022-0351.patch
  * vim-8.0.1568-CVE-2022-0361.patch
  * vim-8.0.1568-CVE-2022-0413.patch
  * vim-8.0.1568-globalvimrc.patch
- Added patches:
  * vim-8.1.0297-dump3.patch
  * vim-8.2.2411-globalvimrc.patch
  * disable-unreliable-tests-arch.patch
- Updated patches:
  * disable-unreliable-tests.patch
  * vim-7.3-filetype_changes.patch
  * vim-7.3-filetype_ftl.patch
  * vim-7.3-filetype_spec.patch
  * vim-7.3-gvimrc_fontset.patch
  * vim-7.3-help_tags.patch
  * vim-7.3-mktemp_tutor.patch
  * vim-7.3-name_vimrc.patch
  * vim-7.3-sh_is_bash.patch
  * vim-7.3-use_awk.patch
  * vim-7.4-disable_lang_no.patch
  * vim-7.4-filetype_apparmor.patch
  * vim-7.4-filetype_mine.patch
  * vim-7.4-highlight_fstab.patch
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim73-no-static-libpython.patch
- Updated to version 8.2 with patch level 5038, fixes the following problems
  * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
    After Free
  * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
    in src/ex_docmd.c
  * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
    in vim prior to 8.2.
  * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
    vim prior to 8.2.
  * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
    init_ccline() in ex_getln.c
  * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
    Conda vim prior to 8.2.
  * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
    in skip_range
  * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
    append_command
  * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
    function cmdline_erase_chars
  * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
    function vim_regexec_string
  * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
    find_pattern_in_path
  * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
    to 8.2
  * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
    to 8.2
  * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
    .swp file to the editor's primary group, which allows local users to obtain
    sensitive information
  * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
    in vim prior to 8.2
  * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
    vim prior to 8.2
  * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
    cindent.c
  * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
    to 8.2.
  * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
  Heap-based Buffer Overflow in vim prior to 8.2.
  / vim-8.0.1568-CVE-2022-0413.patch
- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
  normal.c / vim-8.0.1568-CVE-2021-3796.patch
- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
  win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
  Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
  Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
  Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
  could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
  / vim-8.0.1568-CVE-2021-3778.patch
- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
  / vim-8.0.1568-CVE-2021-4193.patch
- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
  exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
  causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
  prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
  / vim-8.0.1568-CVE-2022-0351.patch
- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
  prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
  / vim-8.0.1568-CVE-2022-0413.patch

Package wicked was updated:

- fsm: fix device rename via yast (bsc#1194392)
  Reset worker config instead to reject a NULL/empty config
  xml node -- introduced in wicked 0.6.67 by commit c2a0385.
  [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as &quot;up&quot; without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property macros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
  - support multiple networks configurations per interface
  - show connection status and scan-results (bsc#1160654)
  - corrected eap-tls,ttls certificate handling and open vs. shared
    wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
  - cleanups and several other improvements, see changes
  - updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
  [- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
  [- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- dhcp4: discover on reboot timeout after start-delay (bsc#1181812)
  [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
- dhcp6: request nis options on sle15 by default (bsc#1181812)
  [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- version 0.6.65
- ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
- client: parse sysctl files in the correct order (bsc#1181186)
- ifup: fix for set up with unenslave from unconfigured master (boo#954329)
- rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
- rpm: Let wicked-service also provide service(network)
- cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815)
- dbus: add variant container, generic object-path and uint32 array macros

Package xen was updated:

- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  fix xsa402-5.patch
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in
  typeref acquisition (XSA-401)
  xsa401-1.patch
  xsa401-2.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings (XSA-402)
  xsa402-1.patch
  xsa402-2.patch
  xsa402-3.patch
  xsa402-4.patch
  xsa402-5.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  624ebcef-VT-d-dont-needlessly-look-up-DID.patch
  624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
  624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
  between dirty vram tracking and paging log dirty hypercalls
  (XSA-397)
  xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
  cleanup (XSA-399)
  xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  xsa400-00.patch
  xsa400-01.patch
  xsa400-02.patch
  xsa400-03.patch
  xsa400-04.patch
  xsa400-05.patch
  xsa400-06.patch
  xsa400-07.patch
  xsa400-08.patch
  xsa400-09.patch
  xsa400-10.patch
  xsa400-11.patch
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
  xen: BHB speculation issues (XSA-398)
  xsa398-1.patch
  xsa398-2.patch
  xsa398-3.patch
  xsa398-4.patch
  xsa398-5.patch
  xsa398-6.patch
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
  guest_physmap_remove_page not removing the p2m mappings (XSA-393)
  xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
  Xen while unmapping a grant (XSA-394)
  xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
  passed-through device IRQs (XSA-395)
  xsa395.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
  list not giving any output (see also bsc#1194267)
  libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
  libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
- Collect active VM config files in the supportconfig plugin
  xen-supportconfig
- bsc#1191510 - [UEFI]15sp4 uefi fv guest on 12sp5 host unable to
  bootup with sriov pci device plugin
  5e15e174-libxl-dont-needlessly-report-highmem-in-use.patch
- Upstream bug fixes (bsc#1027519)
  616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
  616e7cfe-x86-paging-restrict-paddr-width-reported.patch
  619b7ac9-harden-assign_pages.patch
  619b8cb0-x86-PoD-misaligned-GFNs.patch
  619b8cb1-x86-PoD-intermediate-page-orders.patch
  619b8cb2-x86-P2M-set-partial-success.patch
- Drop xsa patches in favor of upstream versions
  xsa385.patch
  xsa388-1.patch
  xsa388-2.patch
  xsa389.patch

Package xz was updated:

- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
  (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
  * bsc1198062.patch

Package yaml-cpp was updated:

- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
  allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
  cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
  yaml-cpp which cause DOS by stack consumption
  (CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch

Package zlib was updated:

- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch

Package zypper was updated:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52
- Singletrans: handle fatal and non-fatal script errors properly.
- Add SingleTransReportReceiver.
- Immediately write out additional rpm output.
- BuildRequires:  libzypp-devel &gt;= 17.29.0.
  Need SingleTransReport and immediate rpm script output reports.
- version 1.14.51

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp2-chost-byos-v20220718-x86-64/</URL>
      <Description>Public Cloud Image Info</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <Branch Type="Product Name" Name="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
        <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="aaa_base-84.87+git20180409.04c9dae-3.57.1">
      <FullProductName ProductID="aaa_base-84.87+git20180409.04c9dae-3.57.1">aaa_base-84.87+git20180409.04c9dae-3.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="bind-utils-9.16.6-150000.12.60.1">
      <FullProductName ProductID="bind-utils-9.16.6-150000.12.60.1">bind-utils-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="boost-license1_66_0-1.66.0-12.3.1">
      <FullProductName ProductID="boost-license1_66_0-1.66.0-12.3.1">boost-license1_66_0-1.66.0-12.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cifs-utils-6.9-150100.5.15.1">
      <FullProductName ProductID="cifs-utils-6.9-150100.5.15.1">cifs-utils-6.9-150100.5.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="containerd-1.6.6-150000.73.2">
      <FullProductName ProductID="containerd-1.6.6-150000.73.2">containerd-1.6.6-150000.73.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="containerd-ctr-1.6.6-150000.73.2">
      <FullProductName ProductID="containerd-ctr-1.6.6-150000.73.2">containerd-ctr-1.6.6-150000.73.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="coreutils-8.29-4.3.1">
      <FullProductName ProductID="coreutils-8.29-4.3.1">coreutils-8.29-4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cups-config-2.2.7-150000.3.32.1">
      <FullProductName ProductID="cups-config-2.2.7-150000.3.32.1">cups-config-2.2.7-150000.3.32.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="curl-7.66.0-150200.4.36.1">
      <FullProductName ProductID="curl-7.66.0-150200.4.36.1">curl-7.66.0-150200.4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="docker-20.10.17_ce-150000.166.1">
      <FullProductName ProductID="docker-20.10.17_ce-150000.166.1">docker-20.10.17_ce-150000.166.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dracut-049.1+suse.234.g902e489c-150200.3.57.1">
      <FullProductName ProductID="dracut-049.1+suse.234.g902e489c-150200.3.57.1">dracut-049.1+suse.234.g902e489c-150200.3.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="e2fsprogs-1.43.8-150000.4.33.1">
      <FullProductName ProductID="e2fsprogs-1.43.8-150000.4.33.1">e2fsprogs-1.43.8-150000.4.33.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="filesystem-15.0-11.8.1">
      <FullProductName ProductID="filesystem-15.0-11.8.1">filesystem-15.0-11.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-2.26-13.65.1">
      <FullProductName ProductID="glibc-2.26-13.65.1">glibc-2.26-13.65.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-locale-2.26-13.65.1">
      <FullProductName ProductID="glibc-locale-2.26-13.65.1">glibc-locale-2.26-13.65.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-locale-base-2.26-13.65.1">
      <FullProductName ProductID="glibc-locale-base-2.26-13.65.1">glibc-locale-base-2.26-13.65.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="google-guest-agent-20220204.0-150000.1.26.1">
      <FullProductName ProductID="google-guest-agent-20220204.0-150000.1.26.1">google-guest-agent-20220204.0-150000.1.26.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="google-guest-configs-20220211.0-150000.1.19.1">
      <FullProductName ProductID="google-guest-configs-20220211.0-150000.1.19.1">google-guest-configs-20220211.0-150000.1.19.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="google-guest-oslogin-20220205.0-150000.1.27.1">
      <FullProductName ProductID="google-guest-oslogin-20220205.0-150000.1.27.1">google-guest-oslogin-20220205.0-150000.1.27.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="google-osconfig-agent-20220209.0-150000.1.17.1">
      <FullProductName ProductID="google-osconfig-agent-20220209.0-150000.1.17.1">google-osconfig-agent-20220209.0-150000.1.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grep-3.1-150000.4.6.1">
      <FullProductName ProductID="grep-3.1-150000.4.6.1">grep-3.1-150000.4.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-2.04-150200.9.63.2">
      <FullProductName ProductID="grub2-2.04-150200.9.63.2">grub2-2.04-150200.9.63.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-i386-pc-2.04-150200.9.63.2">
      <FullProductName ProductID="grub2-i386-pc-2.04-150200.9.63.2">grub2-i386-pc-2.04-150200.9.63.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-x86_64-efi-2.04-150200.9.63.2">
      <FullProductName ProductID="grub2-x86_64-efi-2.04-150200.9.63.2">grub2-x86_64-efi-2.04-150200.9.63.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="gzip-1.1-150200.10.1">
      <FullProductName ProductID="gzip-1.1-150200.10.1">gzip-1.1-150200.10.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-5.3.18-150200.24.120.1">
      <FullProductName ProductID="kernel-default-5.3.18-150200.24.120.1">kernel-default-5.3.18-150200.24.120.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libaugeas0-1.10.1-150000.3.12.1">
      <FullProductName ProductID="libaugeas0-1.10.1-150000.3.12.1">libaugeas0-1.10.1-150000.3.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libavahi-client3-0.7-3.18.1">
      <FullProductName ProductID="libavahi-client3-0.7-3.18.1">libavahi-client3-0.7-3.18.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libavahi-common3-0.7-3.18.1">
      <FullProductName ProductID="libavahi-common3-0.7-3.18.1">libavahi-common3-0.7-3.18.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libbind9-1600-9.16.6-150000.12.60.1">
      <FullProductName ProductID="libbind9-1600-9.16.6-150000.12.60.1">libbind9-1600-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libblkid1-2.33.2-150100.4.21.1">
      <FullProductName ProductID="libblkid1-2.33.2-150100.4.21.1">libblkid1-2.33.2-150100.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libboost_system1_66_0-1.66.0-12.3.1">
      <FullProductName ProductID="libboost_system1_66_0-1.66.0-12.3.1">libboost_system1_66_0-1.66.0-12.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libboost_thread1_66_0-1.66.0-12.3.1">
      <FullProductName ProductID="libboost_thread1_66_0-1.66.0-12.3.1">libboost_thread1_66_0-1.66.0-12.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcom_err2-1.43.8-150000.4.33.1">
      <FullProductName ProductID="libcom_err2-1.43.8-150000.4.33.1">libcom_err2-1.43.8-150000.4.33.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcups2-2.2.7-150000.3.32.1">
      <FullProductName ProductID="libcups2-2.2.7-150000.3.32.1">libcups2-2.2.7-150000.3.32.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcurl4-7.66.0-150200.4.36.1">
      <FullProductName ProductID="libcurl4-7.66.0-150200.4.36.1">libcurl4-7.66.0-150200.4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdevmapper1_03-1.02.163-8.42.1">
      <FullProductName ProductID="libdevmapper1_03-1.02.163-8.42.1">libdevmapper1_03-1.02.163-8.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdns1605-9.16.6-150000.12.60.1">
      <FullProductName ProductID="libdns1605-9.16.6-150000.12.60.1">libdns1605-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libexpat1-2.2.5-3.19.1">
      <FullProductName ProductID="libexpat1-2.2.5-3.19.1">libexpat1-2.2.5-3.19.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libext2fs2-1.43.8-150000.4.33.1">
      <FullProductName ProductID="libext2fs2-1.43.8-150000.4.33.1">libext2fs2-1.43.8-150000.4.33.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libfdisk1-2.33.2-150100.4.21.1">
      <FullProductName ProductID="libfdisk1-2.33.2-150100.4.21.1">libfdisk1-2.33.2-150100.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libfreebl3-3.68.3-150000.3.67.1">
      <FullProductName ProductID="libfreebl3-3.68.3-150000.3.67.1">libfreebl3-3.68.3-150000.3.67.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgcc_s1-11.3.0+git1637-150000.1.9.1">
      <FullProductName ProductID="libgcc_s1-11.3.0+git1637-150000.1.9.1">libgcc_s1-11.3.0+git1637-150000.1.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libglib-2_0-0-2.62.6-150200.3.9.1">
      <FullProductName ProductID="libglib-2_0-0-2.62.6-150200.3.9.1">libglib-2_0-0-2.62.6-150200.3.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgnutls30-3.6.7-14.16.1">
      <FullProductName ProductID="libgnutls30-3.6.7-14.16.1">libgnutls30-3.6.7-14.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libirs1601-9.16.6-150000.12.60.1">
      <FullProductName ProductID="libirs1601-9.16.6-150000.12.60.1">libirs1601-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libisc1606-9.16.6-150000.12.60.1">
      <FullProductName ProductID="libisc1606-9.16.6-150000.12.60.1">libisc1606-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libisccc1600-9.16.6-150000.12.60.1">
      <FullProductName ProductID="libisccc1600-9.16.6-150000.12.60.1">libisccc1600-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libisccfg1600-9.16.6-150000.12.60.1">
      <FullProductName ProductID="libisccfg1600-9.16.6-150000.12.60.1">libisccfg1600-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libldap-2_4-2-2.4.46-150200.14.8.1">
      <FullProductName ProductID="libldap-2_4-2-2.4.46-150200.14.8.1">libldap-2_4-2-2.4.46-150200.14.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libldap-data-2.4.46-150200.14.8.1">
      <FullProductName ProductID="libldap-data-2.4.46-150200.14.8.1">libldap-data-2.4.46-150200.14.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="liblzma5-5.2.3-150000.4.7.1">
      <FullProductName ProductID="liblzma5-5.2.3-150000.4.7.1">liblzma5-5.2.3-150000.4.7.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libmount1-2.33.2-150100.4.21.1">
      <FullProductName ProductID="libmount1-2.33.2-150100.4.21.1">libmount1-2.33.2-150100.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libns1604-9.16.6-150000.12.60.1">
      <FullProductName ProductID="libns1604-9.16.6-150000.12.60.1">libns1604-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libopenssl1_1-1.1.1d-150200.11.51.1">
      <FullProductName ProductID="libopenssl1_1-1.1.1d-150200.11.51.1">libopenssl1_1-1.1.1d-150200.11.51.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libp11-kit0-0.23.2-150000.4.16.1">
      <FullProductName ProductID="libp11-kit0-0.23.2-150000.4.16.1">libp11-kit0-0.23.2-150000.4.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpcre1-8.45-150000.20.13.1">
      <FullProductName ProductID="libpcre1-8.45-150000.20.13.1">libpcre1-8.45-150000.20.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpcre2-8-0-10.31-150000.3.7.1">
      <FullProductName ProductID="libpcre2-8-0-10.31-150000.3.7.1">libpcre2-8-0-10.31-150000.3.7.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libprocps7-3.3.15-7.22.1">
      <FullProductName ProductID="libprocps7-3.3.15-7.22.1">libprocps7-3.3.15-7.22.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libprotobuf-lite20-3.9.2-4.12.1">
      <FullProductName ProductID="libprotobuf-lite20-3.9.2-4.12.1">libprotobuf-lite20-3.9.2-4.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpsl5-0.20.1-150000.3.3.1">
      <FullProductName ProductID="libpsl5-0.20.1-150000.3.3.1">libpsl5-0.20.1-150000.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython3_6m1_0-3.6.15-150000.3.106.1">
      <FullProductName ProductID="libpython3_6m1_0-3.6.15-150000.3.106.1">libpython3_6m1_0-3.6.15-150000.3.106.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libruby2_5-2_5-2.5.9-150000.4.23.1">
      <FullProductName ProductID="libruby2_5-2_5-2.5.9-150000.4.23.1">libruby2_5-2_5-2.5.9-150000.4.23.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsasl2-3-2.1.26-5.10.1">
      <FullProductName ProductID="libsasl2-3-2.1.26-5.10.1">libsasl2-3-2.1.26-5.10.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsmartcols1-2.33.2-150100.4.21.1">
      <FullProductName ProductID="libsmartcols1-2.33.2-150100.4.21.1">libsmartcols1-2.33.2-150100.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsolv-tools-0.7.22-150200.12.1">
      <FullProductName ProductID="libsolv-tools-0.7.22-150200.12.1">libsolv-tools-0.7.22-150200.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libstdc++6-11.3.0+git1637-150000.1.9.1">
      <FullProductName ProductID="libstdc++6-11.3.0+git1637-150000.1.9.1">libstdc++6-11.3.0+git1637-150000.1.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsystemd0-234-24.108.1">
      <FullProductName ProductID="libsystemd0-234-24.108.1">libsystemd0-234-24.108.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libtirpc-netconfig-1.0.2-3.11.1">
      <FullProductName ProductID="libtirpc-netconfig-1.0.2-3.11.1">libtirpc-netconfig-1.0.2-3.11.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libtirpc3-1.0.2-3.11.1">
      <FullProductName ProductID="libtirpc3-1.0.2-3.11.1">libtirpc3-1.0.2-3.11.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libudev1-234-24.108.1">
      <FullProductName ProductID="libudev1-234-24.108.1">libudev1-234-24.108.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libuuid1-2.33.2-150100.4.21.1">
      <FullProductName ProductID="libuuid1-2.33.2-150100.4.21.1">libuuid1-2.33.2-150100.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libxml2-2-2.9.7-150000.3.46.1">
      <FullProductName ProductID="libxml2-2-2.9.7-150000.3.46.1">libxml2-2-2.9.7-150000.3.46.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libyaml-cpp0_6-0.6.1-4.5.1">
      <FullProductName ProductID="libyaml-cpp0_6-0.6.1-4.5.1">libyaml-cpp0_6-0.6.1-4.5.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libz1-1.2.11-150000.3.30.1">
      <FullProductName ProductID="libz1-1.2.11-150000.3.30.1">libz1-1.2.11-150000.3.30.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libzypp-17.30.0-150200.36.1">
      <FullProductName ProductID="libzypp-17.30.0-150200.36.1">libzypp-17.30.0-150200.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="nfs-client-2.1.1-150100.10.24.1">
      <FullProductName ProductID="nfs-client-2.1.1-150100.10.24.1">nfs-client-2.1.1-150100.10.24.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-8.1p1-150200.5.28.1">
      <FullProductName ProductID="openssh-8.1p1-150200.5.28.1">openssh-8.1p1-150200.5.28.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssl-1_1-1.1.1d-150200.11.51.1">
      <FullProductName ProductID="openssl-1_1-1.1.1d-150200.11.51.1">openssl-1_1-1.1.1d-150200.11.51.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="p11-kit-0.23.2-150000.4.16.1">
      <FullProductName ProductID="p11-kit-0.23.2-150000.4.16.1">p11-kit-0.23.2-150000.4.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="p11-kit-tools-0.23.2-150000.4.16.1">
      <FullProductName ProductID="p11-kit-tools-0.23.2-150000.4.16.1">p11-kit-tools-0.23.2-150000.4.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="pam-1.3.0-150000.6.58.3">
      <FullProductName ProductID="pam-1.3.0-150000.6.58.3">pam-1.3.0-150000.6.58.3</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="perl-5.26.1-150000.7.15.1">
      <FullProductName ProductID="perl-5.26.1-150000.7.15.1">perl-5.26.1-150000.7.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="perl-base-5.26.1-150000.7.15.1">
      <FullProductName ProductID="perl-base-5.26.1-150000.7.15.1">perl-base-5.26.1-150000.7.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="procps-3.3.15-7.22.1">
      <FullProductName ProductID="procps-3.3.15-7.22.1">procps-3.3.15-7.22.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-3.6.15-150000.3.106.1">
      <FullProductName ProductID="python3-3.6.15-150000.3.106.1">python3-3.6.15-150000.3.106.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-base-3.6.15-150000.3.106.1">
      <FullProductName ProductID="python3-base-3.6.15-150000.3.106.1">python3-base-3.6.15-150000.3.106.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-bind-9.16.6-150000.12.60.1">
      <FullProductName ProductID="python3-bind-9.16.6-150000.12.60.1">python3-bind-9.16.6-150000.12.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-six-1.14.0-12.1">
      <FullProductName ProductID="python3-six-1.14.0-12.1">python3-six-1.14.0-12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="rsyslog-8.2106.0-150200.4.29.1">
      <FullProductName ProductID="rsyslog-8.2106.0-150200.4.29.1">rsyslog-8.2106.0-150200.4.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ruby2.5-2.5.9-150000.4.23.1">
      <FullProductName ProductID="ruby2.5-2.5.9-150000.4.23.1">ruby2.5-2.5.9-150000.4.23.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ruby2.5-stdlib-2.5.9-150000.4.23.1">
      <FullProductName ProductID="ruby2.5-stdlib-2.5.9-150000.4.23.1">ruby2.5-stdlib-2.5.9-150000.4.23.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="runc-1.1.3-150000.30.1">
      <FullProductName ProductID="runc-1.1.3-150000.30.1">runc-1.1.3-150000.30.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">
      <FullProductName ProductID="samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="sudo-1.8.27-4.24.1">
      <FullProductName ProductID="sudo-1.8.27-4.24.1">sudo-1.8.27-4.24.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="supportutils-3.1.20-150000.5.39.1">
      <FullProductName ProductID="supportutils-3.1.20-150000.5.39.1">supportutils-3.1.20-150000.5.39.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="supportutils-plugin-suse-public-cloud-1.0.6-3.9.1">
      <FullProductName ProductID="supportutils-plugin-suse-public-cloud-1.0.6-3.9.1">supportutils-plugin-suse-public-cloud-1.0.6-3.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="suse-build-key-12.0-150000.8.25.1">
      <FullProductName ProductID="suse-build-key-12.0-150000.8.25.1">suse-build-key-12.0-150000.8.25.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-234-24.108.1">
      <FullProductName ProductID="systemd-234-24.108.1">systemd-234-24.108.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-presets-branding-SLE-15.1-150100.20.11.1">
      <FullProductName ProductID="systemd-presets-branding-SLE-15.1-150100.20.11.1">systemd-presets-branding-SLE-15.1-150100.20.11.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-presets-common-SUSE-15-150100.8.12.1">
      <FullProductName ProductID="systemd-presets-common-SUSE-15-150100.8.12.1">systemd-presets-common-SUSE-15-150100.8.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-sysvinit-234-24.108.1">
      <FullProductName ProductID="systemd-sysvinit-234-24.108.1">systemd-sysvinit-234-24.108.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="tar-1.34-150000.3.12.1">
      <FullProductName ProductID="tar-1.34-150000.3.12.1">tar-1.34-150000.3.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="tcpdump-4.9.2-3.18.1">
      <FullProductName ProductID="tcpdump-4.9.2-3.18.1">tcpdump-4.9.2-3.18.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="timezone-2022a-150000.75.7.1">
      <FullProductName ProductID="timezone-2022a-150000.75.7.1">timezone-2022a-150000.75.7.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="udev-234-24.108.1">
      <FullProductName ProductID="udev-234-24.108.1">udev-234-24.108.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="update-alternatives-1.19.0.4-4.3.1">
      <FullProductName ProductID="update-alternatives-1.19.0.4-4.3.1">update-alternatives-1.19.0.4-4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="util-linux-2.33.2-150100.4.21.1">
      <FullProductName ProductID="util-linux-2.33.2-150100.4.21.1">util-linux-2.33.2-150100.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="util-linux-systemd-2.33.2-150100.4.21.1">
      <FullProductName ProductID="util-linux-systemd-2.33.2-150100.4.21.1">util-linux-systemd-2.33.2-150100.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-8.2.5038-150000.5.21.1">
      <FullProductName ProductID="vim-8.2.5038-150000.5.21.1">vim-8.2.5038-150000.5.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-data-common-8.2.5038-150000.5.21.1">
      <FullProductName ProductID="vim-data-common-8.2.5038-150000.5.21.1">vim-data-common-8.2.5038-150000.5.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-0.6.68-3.8.1">
      <FullProductName ProductID="wicked-0.6.68-3.8.1">wicked-0.6.68-3.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-service-0.6.68-3.8.1">
      <FullProductName ProductID="wicked-service-0.6.68-3.8.1">wicked-service-0.6.68-3.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xen-libs-4.13.4_10-150200.3.55.1">
      <FullProductName ProductID="xen-libs-4.13.4_10-150200.3.55.1">xen-libs-4.13.4_10-150200.3.55.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xz-5.2.3-150000.4.7.1">
      <FullProductName ProductID="xz-5.2.3-150000.4.7.1">xz-5.2.3-150000.4.7.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="zypper-1.14.52-150200.30.2">
      <FullProductName ProductID="zypper-1.14.52-150200.30.2">zypper-1.14.52-150200.30.2</FullProductName>
    </Branch>
    <Relationship ProductReference="aaa_base-84.87+git20180409.04c9dae-3.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:aaa_base-84.87+git20180409.04c9dae-3.57.1">aaa_base-84.87+git20180409.04c9dae-3.57.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="bind-utils-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:bind-utils-9.16.6-150000.12.60.1">bind-utils-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="boost-license1_66_0-1.66.0-12.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:boost-license1_66_0-1.66.0-12.3.1">boost-license1_66_0-1.66.0-12.3.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cifs-utils-6.9-150100.5.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:cifs-utils-6.9-150100.5.15.1">cifs-utils-6.9-150100.5.15.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="containerd-1.6.6-150000.73.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-1.6.6-150000.73.2">containerd-1.6.6-150000.73.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="containerd-ctr-1.6.6-150000.73.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-ctr-1.6.6-150000.73.2">containerd-ctr-1.6.6-150000.73.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="coreutils-8.29-4.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:coreutils-8.29-4.3.1">coreutils-8.29-4.3.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cups-config-2.2.7-150000.3.32.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:cups-config-2.2.7-150000.3.32.1">cups-config-2.2.7-150000.3.32.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="curl-7.66.0-150200.4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1">curl-7.66.0-150200.4.36.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="docker-20.10.17_ce-150000.166.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:docker-20.10.17_ce-150000.166.1">docker-20.10.17_ce-150000.166.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dracut-049.1+suse.234.g902e489c-150200.3.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:dracut-049.1+suse.234.g902e489c-150200.3.57.1">dracut-049.1+suse.234.g902e489c-150200.3.57.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="e2fsprogs-1.43.8-150000.4.33.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:e2fsprogs-1.43.8-150000.4.33.1">e2fsprogs-1.43.8-150000.4.33.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="filesystem-15.0-11.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:filesystem-15.0-11.8.1">filesystem-15.0-11.8.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-2.26-13.65.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-2.26-13.65.1">glibc-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-locale-2.26-13.65.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-2.26-13.65.1">glibc-locale-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-locale-base-2.26-13.65.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-base-2.26-13.65.1">glibc-locale-base-2.26-13.65.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="google-guest-agent-20220204.0-150000.1.26.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:google-guest-agent-20220204.0-150000.1.26.1">google-guest-agent-20220204.0-150000.1.26.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="google-guest-configs-20220211.0-150000.1.19.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:google-guest-configs-20220211.0-150000.1.19.1">google-guest-configs-20220211.0-150000.1.19.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="google-guest-oslogin-20220205.0-150000.1.27.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:google-guest-oslogin-20220205.0-150000.1.27.1">google-guest-oslogin-20220205.0-150000.1.27.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="google-osconfig-agent-20220209.0-150000.1.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:google-osconfig-agent-20220209.0-150000.1.17.1">google-osconfig-agent-20220209.0-150000.1.17.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grep-3.1-150000.4.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grep-3.1-150000.4.6.1">grep-3.1-150000.4.6.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-2.04-150200.9.63.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2">grub2-2.04-150200.9.63.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-i386-pc-2.04-150200.9.63.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2">grub2-i386-pc-2.04-150200.9.63.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-x86_64-efi-2.04-150200.9.63.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2">grub2-x86_64-efi-2.04-150200.9.63.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="gzip-1.1-150200.10.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:gzip-1.1-150200.10.1">gzip-1.1-150200.10.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-5.3.18-150200.24.120.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1">kernel-default-5.3.18-150200.24.120.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libaugeas0-1.10.1-150000.3.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libaugeas0-1.10.1-150000.3.12.1">libaugeas0-1.10.1-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libavahi-client3-0.7-3.18.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libavahi-client3-0.7-3.18.1">libavahi-client3-0.7-3.18.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libavahi-common3-0.7-3.18.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libavahi-common3-0.7-3.18.1">libavahi-common3-0.7-3.18.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libbind9-1600-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libbind9-1600-9.16.6-150000.12.60.1">libbind9-1600-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libblkid1-2.33.2-150100.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libblkid1-2.33.2-150100.4.21.1">libblkid1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libboost_system1_66_0-1.66.0-12.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libboost_system1_66_0-1.66.0-12.3.1">libboost_system1_66_0-1.66.0-12.3.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libboost_thread1_66_0-1.66.0-12.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libboost_thread1_66_0-1.66.0-12.3.1">libboost_thread1_66_0-1.66.0-12.3.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcom_err2-1.43.8-150000.4.33.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcom_err2-1.43.8-150000.4.33.1">libcom_err2-1.43.8-150000.4.33.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcups2-2.2.7-150000.3.32.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcups2-2.2.7-150000.3.32.1">libcups2-2.2.7-150000.3.32.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcurl4-7.66.0-150200.4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1">libcurl4-7.66.0-150200.4.36.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdevmapper1_03-1.02.163-8.42.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libdevmapper1_03-1.02.163-8.42.1">libdevmapper1_03-1.02.163-8.42.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdns1605-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libdns1605-9.16.6-150000.12.60.1">libdns1605-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.2.5-3.19.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1">libexpat1-2.2.5-3.19.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libext2fs2-1.43.8-150000.4.33.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libext2fs2-1.43.8-150000.4.33.1">libext2fs2-1.43.8-150000.4.33.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libfdisk1-2.33.2-150100.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libfdisk1-2.33.2-150100.4.21.1">libfdisk1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libfreebl3-3.68.3-150000.3.67.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libfreebl3-3.68.3-150000.3.67.1">libfreebl3-3.68.3-150000.3.67.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgcc_s1-11.3.0+git1637-150000.1.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libgcc_s1-11.3.0+git1637-150000.1.9.1">libgcc_s1-11.3.0+git1637-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libglib-2_0-0-2.62.6-150200.3.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libglib-2_0-0-2.62.6-150200.3.9.1">libglib-2_0-0-2.62.6-150200.3.9.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgnutls30-3.6.7-14.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libgnutls30-3.6.7-14.16.1">libgnutls30-3.6.7-14.16.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libirs1601-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libirs1601-9.16.6-150000.12.60.1">libirs1601-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libisc1606-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libisc1606-9.16.6-150000.12.60.1">libisc1606-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libisccc1600-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libisccc1600-9.16.6-150000.12.60.1">libisccc1600-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libisccfg1600-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libisccfg1600-9.16.6-150000.12.60.1">libisccfg1600-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libldap-2_4-2-2.4.46-150200.14.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libldap-2_4-2-2.4.46-150200.14.8.1">libldap-2_4-2-2.4.46-150200.14.8.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libldap-data-2.4.46-150200.14.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libldap-data-2.4.46-150200.14.8.1">libldap-data-2.4.46-150200.14.8.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="liblzma5-5.2.3-150000.4.7.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:liblzma5-5.2.3-150000.4.7.1">liblzma5-5.2.3-150000.4.7.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libmount1-2.33.2-150100.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libmount1-2.33.2-150100.4.21.1">libmount1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libns1604-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libns1604-9.16.6-150000.12.60.1">libns1604-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libopenssl1_1-1.1.1d-150200.11.51.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1">libopenssl1_1-1.1.1d-150200.11.51.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libp11-kit0-0.23.2-150000.4.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libp11-kit0-0.23.2-150000.4.16.1">libp11-kit0-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpcre1-8.45-150000.20.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libpcre1-8.45-150000.20.13.1">libpcre1-8.45-150000.20.13.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpcre2-8-0-10.31-150000.3.7.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libpcre2-8-0-10.31-150000.3.7.1">libpcre2-8-0-10.31-150000.3.7.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libprocps7-3.3.15-7.22.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libprocps7-3.3.15-7.22.1">libprocps7-3.3.15-7.22.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libprotobuf-lite20-3.9.2-4.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libprotobuf-lite20-3.9.2-4.12.1">libprotobuf-lite20-3.9.2-4.12.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpsl5-0.20.1-150000.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libpsl5-0.20.1-150000.3.3.1">libpsl5-0.20.1-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython3_6m1_0-3.6.15-150000.3.106.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libpython3_6m1_0-3.6.15-150000.3.106.1">libpython3_6m1_0-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libruby2_5-2_5-2.5.9-150000.4.23.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libruby2_5-2_5-2.5.9-150000.4.23.1">libruby2_5-2_5-2.5.9-150000.4.23.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsasl2-3-2.1.26-5.10.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsasl2-3-2.1.26-5.10.1">libsasl2-3-2.1.26-5.10.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsmartcols1-2.33.2-150100.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsmartcols1-2.33.2-150100.4.21.1">libsmartcols1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsolv-tools-0.7.22-150200.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsolv-tools-0.7.22-150200.12.1">libsolv-tools-0.7.22-150200.12.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libstdc++6-11.3.0+git1637-150000.1.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libstdc++6-11.3.0+git1637-150000.1.9.1">libstdc++6-11.3.0+git1637-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsystemd0-234-24.108.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsystemd0-234-24.108.1">libsystemd0-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libtirpc-netconfig-1.0.2-3.11.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libtirpc-netconfig-1.0.2-3.11.1">libtirpc-netconfig-1.0.2-3.11.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libtirpc3-1.0.2-3.11.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libtirpc3-1.0.2-3.11.1">libtirpc3-1.0.2-3.11.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libudev1-234-24.108.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libudev1-234-24.108.1">libudev1-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libuuid1-2.33.2-150100.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libuuid1-2.33.2-150100.4.21.1">libuuid1-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libxml2-2-2.9.7-150000.3.46.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libxml2-2-2.9.7-150000.3.46.1">libxml2-2-2.9.7-150000.3.46.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libyaml-cpp0_6-0.6.1-4.5.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libyaml-cpp0_6-0.6.1-4.5.1">libyaml-cpp0_6-0.6.1-4.5.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libz1-1.2.11-150000.3.30.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libz1-1.2.11-150000.3.30.1">libz1-1.2.11-150000.3.30.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libzypp-17.30.0-150200.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libzypp-17.30.0-150200.36.1">libzypp-17.30.0-150200.36.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="nfs-client-2.1.1-150100.10.24.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:nfs-client-2.1.1-150100.10.24.1">nfs-client-2.1.1-150100.10.24.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-8.1p1-150200.5.28.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:openssh-8.1p1-150200.5.28.1">openssh-8.1p1-150200.5.28.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssl-1_1-1.1.1d-150200.11.51.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1">openssl-1_1-1.1.1d-150200.11.51.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="p11-kit-0.23.2-150000.4.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:p11-kit-0.23.2-150000.4.16.1">p11-kit-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="p11-kit-tools-0.23.2-150000.4.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:p11-kit-tools-0.23.2-150000.4.16.1">p11-kit-tools-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="pam-1.3.0-150000.6.58.3" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:pam-1.3.0-150000.6.58.3">pam-1.3.0-150000.6.58.3 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="perl-5.26.1-150000.7.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:perl-5.26.1-150000.7.15.1">perl-5.26.1-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="perl-base-5.26.1-150000.7.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:perl-base-5.26.1-150000.7.15.1">perl-base-5.26.1-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="procps-3.3.15-7.22.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:procps-3.3.15-7.22.1">procps-3.3.15-7.22.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-3.6.15-150000.3.106.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-3.6.15-150000.3.106.1">python3-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-base-3.6.15-150000.3.106.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-base-3.6.15-150000.3.106.1">python3-base-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-bind-9.16.6-150000.12.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-bind-9.16.6-150000.12.60.1">python3-bind-9.16.6-150000.12.60.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-six-1.14.0-12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-six-1.14.0-12.1">python3-six-1.14.0-12.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="rsyslog-8.2106.0-150200.4.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:rsyslog-8.2106.0-150200.4.29.1">rsyslog-8.2106.0-150200.4.29.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ruby2.5-2.5.9-150000.4.23.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:ruby2.5-2.5.9-150000.4.23.1">ruby2.5-2.5.9-150000.4.23.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ruby2.5-stdlib-2.5.9-150000.4.23.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:ruby2.5-stdlib-2.5.9-150000.4.23.1">ruby2.5-stdlib-2.5.9-150000.4.23.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="runc-1.1.3-150000.30.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:runc-1.1.3-150000.30.1">runc-1.1.3-150000.30.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2">samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="sudo-1.8.27-4.24.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:sudo-1.8.27-4.24.1">sudo-1.8.27-4.24.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="supportutils-3.1.20-150000.5.39.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:supportutils-3.1.20-150000.5.39.1">supportutils-3.1.20-150000.5.39.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="supportutils-plugin-suse-public-cloud-1.0.6-3.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:supportutils-plugin-suse-public-cloud-1.0.6-3.9.1">supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="suse-build-key-12.0-150000.8.25.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:suse-build-key-12.0-150000.8.25.1">suse-build-key-12.0-150000.8.25.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-234-24.108.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:systemd-234-24.108.1">systemd-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-presets-branding-SLE-15.1-150100.20.11.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:systemd-presets-branding-SLE-15.1-150100.20.11.1">systemd-presets-branding-SLE-15.1-150100.20.11.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-presets-common-SUSE-15-150100.8.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:systemd-presets-common-SUSE-15-150100.8.12.1">systemd-presets-common-SUSE-15-150100.8.12.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-sysvinit-234-24.108.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:systemd-sysvinit-234-24.108.1">systemd-sysvinit-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="tar-1.34-150000.3.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:tar-1.34-150000.3.12.1">tar-1.34-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="tcpdump-4.9.2-3.18.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:tcpdump-4.9.2-3.18.1">tcpdump-4.9.2-3.18.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="timezone-2022a-150000.75.7.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:timezone-2022a-150000.75.7.1">timezone-2022a-150000.75.7.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="udev-234-24.108.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:udev-234-24.108.1">udev-234-24.108.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="update-alternatives-1.19.0.4-4.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:update-alternatives-1.19.0.4-4.3.1">update-alternatives-1.19.0.4-4.3.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="util-linux-2.33.2-150100.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:util-linux-2.33.2-150100.4.21.1">util-linux-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="util-linux-systemd-2.33.2-150100.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:util-linux-systemd-2.33.2-150100.4.21.1">util-linux-systemd-2.33.2-150100.4.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-8.2.5038-150000.5.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1">vim-8.2.5038-150000.5.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-data-common-8.2.5038-150000.5.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1">vim-data-common-8.2.5038-150000.5.21.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-0.6.68-3.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:wicked-0.6.68-3.8.1">wicked-0.6.68-3.8.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-service-0.6.68-3.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:wicked-service-0.6.68-3.8.1">wicked-service-0.6.68-3.8.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="xen-libs-4.13.4_10-150200.3.55.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1">xen-libs-4.13.4_10-150200.3.55.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="xz-5.2.3-150000.4.7.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xz-5.2.3-150000.4.7.1">xz-5.2.3-150000.4.7.1 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="zypper-1.14.52-150200.30.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:zypper-1.14.52-150200.30.2">zypper-1.14.52-150200.30.2 as a component of Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9.</Note>
    </Notes>
    <CVE>CVE-2015-20107</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>8</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:P/I:C/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.</Note>
    </Notes>
    <CVE>CVE-2015-8985</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-base-2.26-13.65.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.</Note>
    </Notes>
    <CVE>CVE-2017-17087</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.</Note>
    </Notes>
    <CVE>CVE-2018-16301</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:tcpdump-4.9.2-3.18.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).</Note>
    </Notes>
    <CVE>CVE-2018-20482</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:tar-1.34-150000.3.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.</Note>
    </Notes>
    <CVE>CVE-2018-20573</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libyaml-cpp0_6-0.6.1-4.5.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.</Note>
    </Notes>
    <CVE>CVE-2018-20574</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libyaml-cpp0_6-0.6.1-4.5.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.</Note>
    </Notes>
    <CVE>CVE-2018-25032</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libz1-1.2.11-150000.3.30.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.</Note>
    </Notes>
    <CVE>CVE-2019-19377</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.</Note>
    </Notes>
    <CVE>CVE-2019-6285</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libyaml-cpp0_6-0.6.1-4.5.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.</Note>
    </Notes>
    <CVE>CVE-2019-6292</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libyaml-cpp0_6-0.6.1-4.5.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.</Note>
    </Notes>
    <CVE>CVE-2019-9923</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:tar-1.34-150000.3.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.</Note>
    </Notes>
    <CVE>CVE-2020-26541</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.</Note>
    </Notes>
    <CVE>CVE-2020-29362</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libp11-kit0-0.23.2-150000.4.16.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:p11-kit-0.23.2-150000.4.16.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:p11-kit-tools-0.23.2-150000.4.16.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.</Note>
    </Notes>
    <CVE>CVE-2020-8492</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.1</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel.</Note>
    </Notes>
    <CVE>CVE-2021-0920</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.</Note>
    </Notes>
    <CVE>CVE-2021-20193</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:tar-1.34-150000.3.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with root privilege can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.</Note>
    </Notes>
    <CVE>CVE-2021-20292</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race condition when accessing a file object was found in the Linux kernel OverlayFS subsystem, in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.</Note>
    </Notes>
    <CVE>CVE-2021-20321</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.7</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.</Note>
    </Notes>
    <CVE>CVE-2021-22570</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libprotobuf-lite20-3.9.2-4.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.</Note>
    </Notes>
    <CVE>CVE-2021-22600</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)-&gt;sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.</Note>
    </Notes>
    <CVE>CVE-2021-23133</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">BIND 9.11.0 -&gt; 9.11.36, 9.12.0 -&gt; 9.16.26, 9.17.0 -&gt; 9.18.0. BIND Supported Preview Editions: 9.11.4-S1 -&gt; 9.11.36-S1, 9.16.8-S1 -&gt; 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.</Note>
    </Notes>
    <CVE>CVE-2021-25220</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:bind-utils-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libbind9-1600-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libdns1605-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libirs1601-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libisc1606-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libisccc1600-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libisccfg1600-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libns1604-9.16.6-150000.12.60.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-bind-9.16.6-150000.12.60.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:N/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.</Note>
    </Notes>
    <CVE>CVE-2021-26341</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)</Note>
    </Notes>
    <CVE>CVE-2021-28153</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libglib-2_0-0-2.62.6-150200.3.9.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.</Note>
    </Notes>
    <CVE>CVE-2021-31799</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).</Note>
    </Notes>
    <CVE>CVE-2021-31810</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."</Note>
    </Notes>
    <CVE>CVE-2021-32066</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.</Note>
    </Notes>
    <CVE>CVE-2021-33061</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.</Note>
    </Notes>
    <CVE>CVE-2021-3541</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libxml2-2-2.9.7-150000.3.46.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.</Note>
    </Notes>
    <CVE>CVE-2021-3572</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.5</BaseScore>
        <Vector>AV:N/AC:M/Au:S/C:N/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.</Note>
    </Notes>
    <CVE>CVE-2021-3695</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.</Note>
    </Notes>
    <CVE>CVE-2021-3696</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.</Note>
    </Notes>
    <CVE>CVE-2021-3697</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.</Note>
    </Notes>
    <CVE>CVE-2021-3733</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3778</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-3796</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3872</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3875</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3903</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3927</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use of Uninitialized Variable</Note>
    </Notes>
    <CVE>CVE-2021-3928</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-160822094. References: Upstream kernel.</Note>
    </Notes>
    <CVE>CVE-2021-39648</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194696049. References: Upstream kernel.</Note>
    </Notes>
    <CVE>CVE-2021-39657</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3968</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>8.5</BaseScore>
        <Vector>AV:N/AC:M/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-185125206. References: Upstream kernel.</Note>
    </Notes>
    <CVE>CVE-2021-39698</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3973</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>critical</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>9.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-3974</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3984</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2021-3999</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-base-2.26-13.65.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-4019</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-4069</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.</Note>
    </Notes>
    <CVE>CVE-2021-41089</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:docker-20.10.17_ce-150000.166.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. Users unable to update should ensure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the PATH.</Note>
    </Notes>
    <CVE>CVE-2021-41092</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:docker-20.10.17_ce-150000.166.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permissions on container bundle directories.</Note>
    </Notes>
    <CVE>CVE-2021-41103</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-1.6.6-150000.73.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-ctr-1.6.6-150000.73.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both "manifests" and "layers" fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both "manifests" and "layers" fields or "manifests" and "config" fields if they are unable to update to version 1.0.1 of the spec.</Note>
    </Notes>
    <CVE>CVE-2021-41190</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-1.6.6-150000.73.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-ctr-1.6.6-150000.73.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:docker-20.10.17_ce-150000.166.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-4136</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with user privileges could cause a privilege escalation by exploiting the fsconfig syscall parameter, leading to a container breakout and a denial of service on the system.</Note>
    </Notes>
    <CVE>CVE-2021-4154</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2021-4157</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.4</BaseScore>
        <Vector>AV:A/AC:M/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.</Note>
    </Notes>
    <CVE>CVE-2021-41617</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:openssh-8.1p1-150200.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Out-of-bounds Read</Note>
    </Notes>
    <CVE>CVE-2021-4166</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.</Note>
    </Notes>
    <CVE>CVE-2021-41817</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-4192</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Out-of-bounds Read</Note>
    </Notes>
    <CVE>CVE-2021-4193</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.</Note>
    </Notes>
    <CVE>CVE-2021-4209</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libgnutls30-3.6.7-14.16.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.</Note>
    </Notes>
    <CVE>CVE-2021-43565</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:docker-20.10.17_ce-150000.166.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.</Note>
    </Notes>
    <CVE>CVE-2021-44142</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>critical</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>9</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.</Note>
    </Notes>
    <CVE>CVE-2021-44879</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.</Note>
    </Notes>
    <CVE>CVE-2021-45095</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.</Note>
    </Notes>
    <CVE>CVE-2021-45868</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</Note>
    </Notes>
    <CVE>CVE-2021-46059</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.</Note>
    </Notes>
    <CVE>CVE-2022-0001</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Out-of-bounds Read</Note>
    </Notes>
    <CVE>CVE-2022-0128</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.</Note>
    </Notes>
    <CVE>CVE-2022-0168</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV).</Note>
    </Notes>
    <CVE>CVE-2022-0171</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2022-0213</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0261</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0318</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Read in vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0319</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-0330</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0351</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0359</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0361</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0392</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0407</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0413</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.</Note>
    </Notes>
    <CVE>CVE-2022-0435</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>9</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with user privileges may impact system confidentiality. This flaw affects kernel versions prior to 5.14-rc1.</Note>
    </Notes>
    <CVE>CVE-2022-0487</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.</Note>
    </Notes>
    <CVE>CVE-2022-0492</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.</Note>
    </Notes>
    <CVE>CVE-2022-0516</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in the Linux kernel's UDF file system functionality in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system. This affects Linux kernel versions from 4.2-rc1 until 5.17-rc2.</Note>
    </Notes>
    <CVE>CVE-2022-0617</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.9</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</Note>
    </Notes>
    <CVE>CVE-2022-0644</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.</Note>
    </Notes>
    <CVE>CVE-2022-0696</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:

- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).</Note>
    </Notes>
    <CVE>CVE-2022-0778</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.</Note>
    </Notes>
    <CVE>CVE-2022-0812</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-0847</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace.</Note>
    </Notes>
    <CVE>CVE-2022-0850</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.</Note>
    </Notes>
    <CVE>CVE-2022-0854</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-0886</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.</Note>
    </Notes>
    <CVE>CVE-2022-1011</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.</Note>
    </Notes>
    <CVE>CVE-2022-1016</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-1048</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5</Note>
    </Notes>
    <CVE>CVE-2022-1055</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NSSToken objects were referenced via direct pointers, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.</Note>
    </Notes>
    <CVE>CVE-2022-1097</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libfreebl3-3.68.3-150000.3.67.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.</Note>
    </Notes>
    <CVE>CVE-2022-1158</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.</Note>
    </Notes>
    <CVE>CVE-2022-1184</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to a file name chosen by the attacker (for example, a crafted file name), it can write attacker-supplied content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing file names with two or more newlines, where the selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.</Note>
    </Notes>
    <CVE>CVE-2022-1271</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:gzip-1.1-150200.10.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:liblzma5-5.2.3-150000.4.7.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xz-5.2.3-150000.4.7.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race condition. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak.</Note>
    </Notes>
    <CVE>CVE-2022-1280</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.3</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).</Note>
    </Notes>
    <CVE>CVE-2022-1292</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>10</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.</Note>
    </Notes>
    <CVE>CVE-2022-1304</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:e2fsprogs-1.43.8-150000.4.33.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcom_err2-1.43.8-150000.4.33.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libext2fs2-1.43.8-150000.4.33.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.</Note>
    </Notes>
    <CVE>CVE-2022-1353</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.</Note>
    </Notes>
    <CVE>CVE-2022-1381</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The root cause of this vulnerability is that ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease the refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will then access the freed drm_vgem_gem_object.</Note>
    </Notes>
    <CVE>CVE-2022-1419</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.</Note>
    </Notes>
    <CVE>CVE-2022-1420</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality, in the way a user terminates their session using a simulated Ethernet card and then continues to use this connection. This flaw allows a local user to crash the system.</Note>
    </Notes>
    <CVE>CVE-2022-1516</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.9</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in caseless matching within JIT.</Note>
    </Notes>
    <CVE>CVE-2022-1586</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libpcre1-8.45-150000.20.13.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libpcre2-8-0-10.31-150000.3.7.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.4</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.</Note>
    </Notes>
    <CVE>CVE-2022-1616</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.</Note>
    </Notes>
    <CVE>CVE-2022-1619</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.</Note>
    </Notes>
    <CVE>CVE-2022-1620</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.</Note>
    </Notes>
    <CVE>CVE-2022-1652</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-1679</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc.</Note>
    </Notes>
    <CVE>CVE-2022-1729</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.</Note>
    </Notes>
    <CVE>CVE-2022-1733</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw in the Linux kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use after free, for both read and write, when the cleanup routine and the firmware download routine are not synchronized.</Note>
    </Notes>
    <CVE>CVE-2022-1734</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.</Note>
    </Notes>
    <CVE>CVE-2022-1735</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.</Note>
    </Notes>
    <CVE>CVE-2022-1771</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.</Note>
    </Notes>
    <CVE>CVE-2022-1785</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 8.2.4979.</Note>
    </Notes>
    <CVE>CVE-2022-1796</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-1836</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1851</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1897</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1898</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Buffer Over-read in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1927</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-1966</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.</Note>
    </Notes>
    <CVE>CVE-2022-1974</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user space.</Note>
    </Notes>
    <CVE>CVE-2022-1975</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188677105. References: Upstream kernel</Note>
    </Notes>
    <CVE>CVE-2022-20132</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.9</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel</Note>
    </Notes>
    <CVE>CVE-2022-20141</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174846563. References: Upstream kernel</Note>
    </Notes>
    <CVE>CVE-2022-20154</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).</Note>
    </Notes>
    <CVE>CVE-2022-2068</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>10</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).</Note>
    </Notes>
    <CVE>CVE-2022-2097</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.</Note>
    </Notes>
    <CVE>CVE-2022-21166</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).</Note>
    </Notes>
    <CVE>CVE-2022-21499</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).</Note>
    </Notes>
    <CVE>CVE-2022-22576</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5.5</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:P/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.</Note>
    </Notes>
    <CVE>CVE-2022-22827</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.</Note>
    </Notes>
    <CVE>CVE-2022-22942</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.</Note>
    </Notes>
    <CVE>CVE-2022-23033</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A PV guest could DoS Xen while unmapping a grant. To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.</Note>
    </Notes>
    <CVE>CVE-2022-23034</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Insufficient cleanup of passed-through device IRQs. The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.</Note>
    </Notes>
    <CVE>CVE-2022-23035</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.7</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).</Note>
    </Notes>
    <CVE>CVE-2022-23036</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).</Note>
    </Notes>
    <CVE>CVE-2022-23037</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).</Note>
    </Notes>
    <CVE>CVE-2022-23038</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).</Note>
    </Notes>
    <CVE>CVE-2022-23039</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).</Note>
    </Notes>
    <CVE>CVE-2022-23040</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).</Note>
    </Notes>
    <CVE>CVE-2022-23041</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).</Note>
    </Notes>
    <CVE>CVE-2022-23042</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.</Note>
    </Notes>
    <CVE>CVE-2022-23218</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-base-2.26-13.65.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.</Note>
    </Notes>
    <CVE>CVE-2022-23219</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-2.26-13.65.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:glibc-locale-base-2.26-13.65.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.</Note>
    </Notes>
    <CVE>CVE-2022-23308</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libxml2-2-2.9.7-150000.3.46.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.4.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.</Note>
    </Notes>
    <CVE>CVE-2022-23648</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-1.6.6-150000.73.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-ctr-1.6.6-150000.73.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.</Note>
    </Notes>
    <CVE>CVE-2022-23852</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.</Note>
    </Notes>
    <CVE>CVE-2022-23990</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.</Note>
    </Notes>
    <CVE>CVE-2022-24407</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libsasl2-3-2.1.26-5.10.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.5</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.</Note>
    </Notes>
    <CVE>CVE-2022-24448</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.</Note>
    </Notes>
    <CVE>CVE-2022-24769</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-1.6.6-150000.73.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-ctr-1.6.6-150000.73.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:docker-20.10.17_ce-150000.166.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. To our understanding, this vulnerability cannot be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum. This can be used to overrun the memory buffer. However, once the sequence of digits stops, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-24903</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:rsyslog-8.2106.0-150200.4.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-&gt;buf release.</Note>
    </Notes>
    <CVE>CVE-2022-24958</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.</Note>
    </Notes>
    <CVE>CVE-2022-24959</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.</Note>
    </Notes>
    <CVE>CVE-2022-25235</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.</Note>
    </Notes>
    <CVE>CVE-2022-25236</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.</Note>
    </Notes>
    <CVE>CVE-2022-25258</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.9</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.</Note>
    </Notes>
    <CVE>CVE-2022-25313</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.</Note>
    </Notes>
    <CVE>CVE-2022-25314</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.</Note>
    </Notes>
    <CVE>CVE-2022-25315</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libexpat1-2.2.5-3.19.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.</Note>
    </Notes>
    <CVE>CVE-2022-25375</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.</Note>
    </Notes>
    <CVE>CVE-2022-26356</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:L/AC:H/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.</Note>
    </Notes>
    <CVE>CVE-2022-26357</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.2</BaseScore>
        <Vector>AV:L/AC:H/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.</Note>
    </Notes>
    <CVE>CVE-2022-26358</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.</Note>
    </Notes>
    <CVE>CVE-2022-26360</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safety TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.</Note>
    </Notes>
    <CVE>CVE-2022-26362</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page are safe.</Note>
    </Notes>
    <CVE>CVE-2022-26363</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.</Note>
    </Notes>
    <CVE>CVE-2022-26490</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.</Note>
    </Notes>
    <CVE>CVE-2022-26691</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:cups-config-2.2.7-150000.3.32.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcups2-2.2.7-150000.3.32.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.</Note>
    </Notes>
    <CVE>CVE-2022-26966</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.</Note>
    </Notes>
    <CVE>CVE-2022-27239</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:cifs-utils-6.9-150100.5.15.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.</Note>
    </Notes>
    <CVE>CVE-2022-27775</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.</Note>
    </Notes>
    <CVE>CVE-2022-27776</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.</Note>
    </Notes>
    <CVE>CVE-2022-27781</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.</Note>
    </Notes>
    <CVE>CVE-2022-27782</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.</Note>
    </Notes>
    <CVE>CVE-2022-28356</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.</Note>
    </Notes>
    <CVE>CVE-2022-28388</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.</Note>
    </Notes>
    <CVE>CVE-2022-28389</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.</Note>
    </Notes>
    <CVE>CVE-2022-28390</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm-&gt;total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer.</Note>
    </Notes>
    <CVE>CVE-2022-28733</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata.</Note>
    </Notes>
    <CVE>CVE-2022-28734</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust-chain.</Note>
    </Notes>
    <CVE>CVE-2022-28735</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There's a use-after-free vulnerability in the grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved.</Note>
    </Notes>
    <CVE>CVE-2022-28736</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.</Note>
    </Notes>
    <CVE>CVE-2022-28739</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-28748</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.</Note>
    </Notes>
    <CVE>CVE-2022-28893</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.</Note>
    </Notes>
    <CVE>CVE-2022-29155</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libldap-2_4-2-2.4.46-150200.14.8.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libldap-data-2.4.46-150200.14.8.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>critical</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.</Note>
    </Notes>
    <CVE>CVE-2022-29162</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:runc-1.1.3-150000.30.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.</Note>
    </Notes>
    <CVE>CVE-2022-29824</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libxml2-2-2.9.7-150000.3.46.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.</Note>
    </Notes>
    <CVE>CVE-2022-29900</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.</Note>
    </Notes>
    <CVE>CVE-2022-29901</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.</Note>
    </Notes>
    <CVE>CVE-2022-30594</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.</Note>
    </Notes>
    <CVE>CVE-2022-31030</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-1.6.6-150000.73.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:containerd-ctr-1.6.6-150000.73.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">curl &lt; 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.</Note>
    </Notes>
    <CVE>CVE-2022-32206</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">When curl &lt; 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.</Note>
    </Notes>
    <CVE>CVE-2022-32208</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-chost-byos-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
</cvrfdoc>
