<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">SUSE-IU-2023:557-1</DocumentTitle>
  <DocumentType>SUSE Image</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE Image SUSE-IU-2023:557-1</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2024-05-09T07:22:58Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2023-08-07T01:00:00Z</InitialReleaseDate>
    <CurrentReleaseDate>2023-08-07T01:00:00Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-publiccloud.pl</Engine>
      <Date>2021-02-18T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Image update for SUSE-IU-2023:557-1 / google/sle-micro-5-2-byos-v20230807-x86-64</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This image update for google/sle-micro-5-2-byos-v20230807-x86-64 contains the following changes:
Package c-ares was updated:

- Update to version 1.19.1
  Security:
  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
    (bsc#1211604)
  * CVE-2023-31147 Moderate. Insufficient randomness in generation
    of DNS query IDs (bsc#1211605)
  * CVE-2023-31130. Moderate. Buffer Underwrite in
    ares_inet_net_pton() (bsc#1211606)
  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
    during cross compilation (bsc#1211607)
  Bug fixes:
  * Fix uninitialized memory warning in test
  * ares_getaddrinfo() should allow a port of 0
  * Fix memory leak in ares_send() on error
  * Fix comment style in ares_data.h
  * Fix typo in ares_init_options.3
  * Sync ax_pthread.m4 with upstream
  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
    (bsc#1208067, CVE-2022-4904)
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
  * Allow '/' as a valid character for a returned name for
    CNAME in-addr.arpa delegation
  * no longer forwards requests for localhost resolution per RFC6761
  * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
    that the search process will continue to the next domain
    in the search.
  * Provide ares_nameser.h as a public interface as needed by NodeJS
  * Add support for URI(Uniform Resource Identifier) records via
    ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
  unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distribution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
    it would cause a crash
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing validation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
    Travis: add iOS target built with CMake (#378)
    Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
  - fix build
    External projects were using non-public header ares_dns.h, make public again (#376)
    It appears some outside projects were relying on macros in ares_dns.h, even
    though it doesn't appear that header was ever meant to be public.  That said,
    we don't want to break external integrators so we should distribute this header
    again.
  - note that so versioning has moved to configure.ac
  - note about 1.17.1
  - fix sed gone wrong
    autotools cleanup (#372)
  * buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)

Package ca-certificates-mozilla was updated:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle &quot;valid before nov 30 2022&quot;
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
  Patch: remove-trustcor.patch

Package catatonit was updated:

- Update to catatonit v0.1.7
- This release adds the ability for catatonit to be used as the only
  process in a pause container, by passing the -P flag (in this mode no
  subprocess is spawned and thus no signal forwarding is done).
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
  once. Fix build with autoconf 2.71 / automake 1.16.5.
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
  socket activation or features somewhat adjacent to socket activation (such as
  passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
  error not a warning.

Package cloud-netconfig was updated:

- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)

Package containerd was updated:

- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.21&gt; bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
  Fixes the change for bsc#1210298.
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
  (bsc#1210298)
- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.20&gt;
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.19&gt;
  Includes fixes for:
  - CVE-2023-25153 bsc#1208423
  - CVE-2023-25173 bsc#1208426
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.16&gt;
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
  release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.12&gt;
- Update to containerd v1.6.11. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.11&gt;
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
  CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.9&gt;
- add devel subpackage, which is needed by open-vm-tools

Package curl was updated:

- Security fixes:
  * [bsc#1211231, CVE-2023-28320] siglongjmp race condition
  - Add curl-CVE-2023-28320.patch
  * [bsc#1211232, CVE-2023-28321] IDN wildcard matching
  - Add curl-CVE-2023-28321.patch [bsc#1211339]
  * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
  - Add curl-CVE-2023-28322.patch
- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
  * HTTP multi-header compression denial of service
  * Add curl-CVE-2023-23916.patch
- Security Fix: [bsc#1206309, CVE-2022-43552]
  * HTTP Proxy deny use-after-free
  * Add curl-CVE-2022-43552.patch

Package dbus-1 was updated:

- Sometimes unprivileged users were able to crash dbus-daemon
  (CVE-2023-34969, bsc#1212126)
  * fix-upstream-CVE-2023-34969.patch

Package dmidecode was updated:

- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
  which would prevent root from using the --from-dump option since
  the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
  Clean up function dmi_table so that it does only one thing
  (bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
  --dump-bin is used, write the whole dump file at once, instead of
  opening and closing the file separately for the table and then
  for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
  Make sure that the file passed to option --dump-bin does not
  already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
  check on the type of the mem device file we are asked to read
  from, if we are root (bsc#1210418).
  3 recommended fixes from upstream:
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
  the SMBIOS entry point is long enough to include all the fields
  we need.
- dmidecode-fix-the-alignment-of-type-25-name.patch: Drop a stray
  tabulation before the name of DMI record type 25.
- dmidecode-print-type-33-name-unconditionally.patch: Display the
  name of DMI record type 33 even if we can't decode it.

Package docker was updated:

- Update to Docker 23.0.6-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/23.0/#2306&gt;. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Update to Docker 23.0.5-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/23.0/#2305&gt;.
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 23.0.4-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/23.0/#2304&gt;. bsc#1208074
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
  - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
  - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport &lt;https://github.com/docker/cli/pull/4228&gt; to allow man pages to be
  built without internet access in OBS.
  + cli-0001-docs-include-required-tools-in-source-tree.patch
- update to 20.10.23-ce.
  * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
  kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#201021&gt;. bsc#1206065
  bsc#1205375 CVE-2022-36109
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
  preparation for removing the feature). This feature was never meant to be
  used by users directly (and is only available in the -kubic/CaaSP version of
  the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
  with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
- Backport &lt;https://github.com/containerd/fifo/pull/32&gt; to fix a crash-on-start
  issue with dockerd. bsc#1200022
  + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch

Package dracut was updated:

- Update to version 049.1+suse.253.g1008bf13:
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
- Update to version 049.1+suse.251.g0b8dad5:
  * fix(dracut.sh): omission is an addition to other omissions in conf files (bsc#1208929)
  * fix(nfs): chown using rpc default group (bsc#1204929)
- Update to version 049.1+suse.247.gfb7df05c:
  * fix(systemd): add missing modprobe@.service (bsc#1203749)
  * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
  * fix(drm): consider also drm_dev_register when looking for gpu driver (bsc#1195618)
  * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)

Package elfutils was updated:

- 0001-libelf-Fixup-SHF_COMPRESSED-sh_addralign-in-elf_upda.patch:
  make debuginfo extraction from go1.19 built binaries work again.
  (bsc#1203599)

Package expat was updated:

- Security fix:
  * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
    destruction of a shared DTD in XML_ExternalEntityParserCreate in
    out-of-memory situations
  - Added patch expat-CVE-2022-43680.patch

Package glib2 was updated:

- Update glib2-fix-normal-form-handling-in-gvariant.patch:
  Backported from upstream to fix regression on s390x.
  (bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
  from upstream to fix normal form handling in GVariant.
  (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
  glgo#GNOME/glib!3125)

Package glibc was updated:

- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
  (bsc#1211828, BZ #30527)
- ulp-prologue-into-asm-functions.patch: Add support for livepatches
  in ASM written functions (bsc#1211726)
- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
  is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bnc#1208721)
- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
  (bsc#1207957)
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
  (CVE-2023-0687, bsc#1207975, BZ #29444)
- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
  check (bsc#1208358, BZ #25933)
- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
  (bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
  with recent GCC

Package gnutls was updated:

- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch
- Validate input when calling fmemopen() [bsc#1204511]
  * Add gnutls-check-system_priority_buf-input.patch

Package grub2 was updated:

- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
  (bsc#1209234)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
  (bsc#1187810) (bsc#1209667) (bsc#1209372)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
  btrfs filesystem. (bsc#1209165)
  * grub2-btrfs-05-grub2-mkconfig.patch
- Make grub more robust against storage race condition causing system boot
  failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch
- Move unsupported zfs modules into 'extras' packages
  (bsc#1205554) (PED-2947)
- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3

Package iputils was updated:

- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
  (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).

Package kernel-default was updated:

- ipvlan:Fix out-of-bounds caused by unclear skb-&gt;cb (bsc#1212842
  CVE-2023-3090).
- commit ddb6922
- x86/build: Avoid relocation information in final vmlinux
  (bsc#1187829).
- commit 88b515e
- Refresh
  patches.suse/cifs-fix-open-leaks-in-open_cached_dir.patch.
  s/sync_hdr/hdr/ - fix build breakage on CONFIG_CIFS_DEBUG2=y.
- commit c3cb631
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes
  bsc#1212606 CVE-2023-3358).
- commit 7077c4f
- usb: gadget: udc: renesas_usb3: Fix use after free bug
  in renesas_usb3_remove due to race condition (bsc#1212513
  CVE-2023-35828).
- commit 1f06f62
- binfmt_elf: Take the mmap lock when walking the VMA list
  (bsc#1209039 CVE-2023-1249).
- commit 3f46ff2
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
  (bsc#1210533 CVE-2023-2002).
- commit cb86eb0
- relayfs: fix out-of-bounds access in relay_file_read
  (bsc#1212502 CVE-2023-3268).
- kernel/relay.c: fix read_pos error when multiple readers
  (bsc#1212502 CVE-2023-3268).
- commit 73e4027
- media: dm1105: Fix use after free bug in dm1105_remove due to
  race condition (bsc#1212501 CVE-2023-35824).
- commit 0c9d507
- media: saa7134: fix use after free bug in saa7134_finidev due
  to race condition (bsc#1212494 CVE-2023-35823).
- commit 61b38d8
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
  (CVE-2023-35788 bsc#1212504).
- commit 865936b
- Drop a buggy dvb-core fix patch (bsc#1205758)
  Also the kabi workaround is dropped, too
- commit 7ace3fb
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- commit 82c30e2
- fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
- commit 6f6d21f
- Move setting %%build_html to config.sh
- commit 3f65cd5
- memstick: r592: Fix UAF bug in r592_remove due to race condition
  (CVE-2023-3141 bsc#1212129 bsc#1211449).
- commit 4d760e7
- firewire: fix potential uaf in outbound_phy_packet_callback()
  (CVE-2023-3159 bsc#1212128).
- commit 444321d
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5
- Move setting %%split_optional to config.sh
- commit 4519250
- Move setting %%supported_modules_check to config.sh
- commit d9c64aa
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050
- rpm/kernel-binary.spec.in: Fix compatibility with newer rpm
- commit 334fb4d
- Also include kernel-docs build requirements for ALP
- commit 114d088
- Move the kernel-binary conflicts out of the spec file.
  The list of conflicting packages varies per release.
  To reduce merge conflicts move the list out of the spec file.
- commit 4d81125
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit a8f82d0
- Avoid unsupported tar parameter on SLE12
- commit f11765a
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
  (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
  (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
  (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake &quot;droping&quot; -&gt; &quot;dropping&quot; (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit 5088617
- Move obsolete KMP list into a separate file.
  The list of obsoleted KMPs varies per release, move it out of the spec
  file.
- commit 016bc55
- Trim obsolete KMP list.
  SLE11 is out of support, we do not need to handle upgrading from SLE11
  SP1.
- commit 08819bb
- Generalize kernel-doc build requirements.
- commit 23b058f
- kernel-binary: Add back kernel-default-base guarded by option
  Add configsh option for splitting off kernel-default-base, and for
  not signing the kernel on non-efi
- commit 28c22af
- net: rpl: fix rpl header size calculation (CVE-2023-2156
  bsc#1211131).
- commit 884cd15
- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- commit 6cf7013
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- commit 2191d32
- Fix usrmerge error (boo#1211796)
- commit da84579
- Update References
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 23e11e7
- tcp: Fix data races around icsk-&gt;icsk_af_ops (bsc#1204405
  CVE-2022-3566).
- commit d1f836b
- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
  Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
  Requires corresponding patch to kmod.
- commit b8e00c5
- Update
  patches.suse/netfilter-x_tables-use-correct-memory-barriers.patch
  (bsc#1184208 CVE-2021-29650 bsc#1211596 CVE-2020-36694).
- commit 0092ed2
- HID: asus: use spinlock to safely schedule workers (bsc#1208604
  CVE-2023-1079).
- commit df4ce9a
- HID: asus: use spinlock to protect concurrent accesses
  (bsc#1208604 CVE-2023-1079).
- commit 4b7a2e4
- ipv6: sr: fix out-of-bounds read when setting HMAC data
  (bsc#1211592).
- commit f37c1a1
- power: supply: bq24190: Fix use after free bug in bq24190_remove
  due to race condition (CVE-2023-33288 bsc#1211590).
- commit 3e2047c
- kernel-source: Remove unused macro variant_symbols
- commit 915ac72
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
  bsc#1205758).
- commit c99685c
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
  (CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
  dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
  dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
  dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
  wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
  dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit f5d1bea
- media: dvbdev: fix error logic at dvb_register_device()
  (CVE-2022-45884 bsc#1205756).
- media: dvbdev: Fix memleak in dvb_register_device
  (CVE-2022-45884 bsc#1205756).
- media: media/dvb: Use kmemdup rather than duplicating its
  implementation (CVE-2022-45884 bsc#1205756).
- commit fa580d0
- net: sched: sch_qfq: prevent slab-out-of-bounds in
  qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit eeb865d
- i2c: xgene-slimpro: Fix out-of-bounds bug in
  xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194).
- commit e9b03ca
- netrom: Fix use-after-free caused by accept on already
  connected socket (bsc#1211186 CVE-2023-32269).
- commit e76516d
- SUNRPC: Ensure the transport backchannel association
  (bsc#1211203).
- commit db18275
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd
- netfilter: nf_tables: deactivate anonymous set from preparation
  phase (CVE-2023-32233 bsc#1211043).
- commit 8d253dc
- act_mirred: use the backlog for nested calls to mirred ingress
  (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
  excessive stack growth (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: refactor the handle of xmit
  (CVE-2022-4269 bsc#1206024).
- commit c36d39a
- wifi: brcmfmac: slab-out-of-bounds read in
  brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
- commit 238a208
- Remove obsolete rpm spec constructs
  defattr does not need to be specified anymore
  buildroot does not need to be specified anymore
- commit c963185
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
  obsoletes correctly (boo#1172073 bsc#1191731).
  rpm only supports full length release, no provides
- commit c9b5bc4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit 2a8658b
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878
  bsc#1211105 CVE-2023-2513).
- commit 880db90
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20
- net: qcom/emac: Fix use after free bug in emac_remove due to
  race condition (bsc#1211037 CVE-2023-2483).
- commit d3abec2
- Update patches.suse/io_uring-prevent-race-on-registering-fixed-files.patch
  Fix the missing the bsc# prefix for the bug number in the References tag.
- commit 704a6c4
- timens: Forbid changing time namespace for an io_uring process
  (bsc#1208474 CVE-2023-23586).
- commit 89cf4b3
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk
  driver (bsc#1199636).
- commit 6a9faa3
- xfs: verify buffer contents when we skip log replay (bsc#1210498
  CVE-2023-2124).
- commit 8eed3d3
- io_uring: prevent race on registering fixed files (1210414
  CVE-2023-1872).
- commit e53cfa3
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
  (bsc#1206992 CVE-2022-2196).
- commit f66a218
- keys: Fix linking a duplicate key to a keyring's assoc_array
  (bsc#1207088).
- commit 527a5be
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
  (bsc#1209871 CVE-2023-1670).
- commit cfec974
- Drivers: vmbus: Check for channel allocation before looking
  up relids (git-fixes).
- commit de13f74
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
  ipaddress (bsc#1210647 CVE-2023-2162).
- commit d0a859e
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit 5886145
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (bsc#1210629 CVE-2023-2176)
- commit 8b6288f
- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1210629 CVE-2023-2176)
- commit c706a03
- RDMA/cma: Make the locking for automatic state transition more clear (bsc#1210629 CVE-2023-2176)
- commit 7a43827
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit f513a6e
- x86/speculation: Allow enabling STIBP with legacy IBRS
  (bsc#1210506 CVE-2023-1998).
- commit d03ef09
- cifs: fix negotiate context parsing (bsc#1210301).
- commit 5d87bbe
- power: supply: da9150: Fix use after free bug in
  da9150_charger_remove due to race condition (CVE-2023-30772
  bsc#1210329).
- commit 61aa622
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- udmabuf: add back sanity check (git-fixes bsc#1210453
  CVE-2023-2008).
- commit b2b9158
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
  due to race condition (CVE-2023-1855 bsc#1210202).
- commit 4401c6f
- netlink: limit recursion depth in policy validation
  (CVE-2020-36691 bsc#1209613).
- Refresh
  patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch.
- commit 374a1af
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
  condition (git-fixes bsc#1210337 CVE-2023-1990).
- commit 775e632
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to unfinished work (CVE-2023-1989 bsc#1210336).
- commit e27c00d
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-R.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
  Fix performance problem with these patches - bsc#1210124
- commit 4dbd22d
- btrfs: fix race between quota disable and quota assign ioctls
  (CVE-2023-1611 bsc#1209687).
- commit 3fdcd22
- Fix double fget() in vhost_net_set_backend() (bsc#1210203
  CVE-2023-1838).
- commit 7e671a8
- Define kernel-vanilla as source variant
  The vanilla_only macro is overloaded. It is used for determining if
  there should be two kernel sources built as well as for the purpose of
  determining if vanilla kernel should be used for kernel-obs-build.
  While the former can be determined at build time the latter needs to be
  baked into the spec file template. Separate the two while also making
  the latter more generic.
  $build_dtbs is enabled on every single rt and azure branch since 15.3
  when the setting was introduced, gate on the new $obs_build_variant
  setting as well.
- commit 36ba909
- series.conf: cleanup
- update upstream references and resort:
  - patches.suse/wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch
- commit 9bae747
- net/ulp: use consistent error code when blocking ULP
  (CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
  status (CVE-2023-0461 bsc#1208787).
- commit 028f0fd
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
  It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
  This new form was added in commit e89c2e815e76 (&quot;riscv: Handle
  zicsr/zifencei issues between clang and binutils&quot;).
- commit 234baea
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
  CVE-2023-28772).
- commit 5c5e4d3
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- Revert &quot;PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally&quot; (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
  (bsc#1209785).
- commit 6b9e385
- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit bd9c11d
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
  CVE-2023-28464).
- commit 677d920
- net: tls: fix possible race condition between
  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  (bsc#1209366 CVE-2023-28466).
- commit 5f7c4a6
- Move ENA upstream fix to sorted section.
- commit aff6c71
- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 50ba48b
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
  CVE-2023-1390).
- commit b2c1533
- tun: avoid double free in tun_free_netdev (bsc#1209635
  CVE-2022-4744).
- commit c5cf205
- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- commit 97b3f9d
- fs/proc: task_mmu.c: don't read mapcount for migration entry
  (CVE-2023-1582, bsc#1209636).
- commit 35d5c42
- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
  (bsc#1209290 CVE-2023-28327).
- commit 000517c
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
  CVE-2017-5753).
- commit cec3f24
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit 6a58da4
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit 06eaf34
- Refresh
  patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 890554b
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
  (bsc#1209291 CVE-2023-28328).
- commit af7b7eb
- rpm/group-source-files.pl: Fix output difference when / is in location
  While the previous attempt to fix group-source-files.pl in 6d651362c38
  &quot;rpm/group-source-files.pl: Deal with {pre,post}fixed / in location&quot;
  breaks the infinite loop, it does not properly address the issue. Having
  a prefixed and/or postfixed forward slash still results in different
  output.
  This commit changes the script to use the Perl core module File::Spec
  for proper path manipulation to give consistent output.
- commit 4161bf9
- Require suse-kernel-rpm-scriptlets at all times.
  The kernel packages call scriptlets for each stage, add the dependency
  to make it clear to libzypp that the scriptlets are required.
  There is no special dependency for posttrans, these scriptlets run when
  transactions are resolved. The plain dependency has to be used to
  support posttrans.
- commit 56c4dbe
- Replace mkinitrd dependency with dracut (bsc#1202353).
  Also update mkinitrd references in documentation and comments.
- commit e356c9b
- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256 CVE-2017-5753).
- commit a2ac7fb
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4
- rds: rds_rm_zerocopy_callback() correct order for
  list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
  (CVE-2023-1078 bsc#1208601).
- commit ec0c93c
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
  bsc#1208598).
- commit d651270
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
  bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit b65b67b
- cifs: fix use-after-free caused by invalid pointer `hostname`
  (bsc#1208971).
- commit d1a37f1
- HID: bigben: use spinlock to safely schedule workers
  (CVE-2023-25012 bsc#1207560).
- HID: bigben_worker() remove unneeded check on report_field
  (CVE-2023-25012 bsc#1207560).
- HID: bigben: use spinlock to protect concurrent accesses
  (CVE-2023-25012 bsc#1207560).
- commit 3c79258
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
  CVE-2023-23004).
- commit a8f9557
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script gets stuck in an infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp&gt; perl &quot;$HOME/group-source-files.pl&quot; -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This works around the issue by breaking out of the loop once path is an
  empty string. For a proper fix we'd want something that is
  filesystem-aware, but this workaround should be enough for the rare
  occasion that this script is run manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (CVE-2023-1118 bsc#1208837).
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
  function (CVE-2023-23000 bsc#1208816).
- commit 52c897a
- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
  patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 5959f82
- drm/virtio: Fix NULL vs IS_ERR checking in
  virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit 2fd8a08
- net/mlx5: DR, Fix NULL vs IS_ERR checking in
  dr_domain_init_resources (bsc#1208845 CVE-2023-23006).
- commit 14082ec
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- commit b092aa9
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
  instead.
- commit 152a069
- README.BRANCH: Update
  Relieve Ivan Ivanov of his duties as branch maintainer as I am back.
- commit 1da55f1
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
  dwc3_qcom_acpi_register_core (bsc#1208741 CVE-2023-22995).
- commit 7a31d48
- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit 18d9ec7
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- commit 7a62f13
- x86/mm: Randomize per-cpu entry area (bsc#1207845
  CVE-2023-0597).
- commit 3a695c7
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit f589074
- usb: rndis_host: Secure rndis_query check against int overflow
  (CVE-2023-23559 bsc#1207051).
- commit d9a137b
- net: mana: Assign interrupts to CPUs based on NUMA nodes
  (bsc#1208153).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 342fb4d
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit 4d24191
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1f21d95
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
  bsc#1204356, bsc#1204662).
- commit 77af0b0
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit f246cad
- Refresh
  patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd.patch (bsc#1206351).
  The former kABI fix only moves the newly added member to scsi_host_template to
  the end of the struct. But that is usually allocated statically, even by 3rd
  party modules relying on kABI. Before we use the member we need to signalize
  that it is to be expected. As we only expect it to be allocated by in-tree
  modules that we can control, we can use a space in the bitfield to signalize
  that.
- commit 0e772e8
- net: mana: Fix IRQ name - add PCI and queue number
  (bsc#1207875).
- commit f2c8c19
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
  CVE-2023-0045).
- commit baf6bec
- net: ena: optimize data access in fast-path code (bsc#1208137).
- commit 09cfdc0
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
  bsc#1207795).
- net_sched: add __rcu annotation to netdev-&gt;qdisc (CVE-2023-0590
  bsc#1207795).
- commit c6f042b
- Update
  patches.suse/net-mlx5-Allocate-individual-capability.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Use-order-0-allocations-for-EQs.patch
  (bsc#1195175).
  Fixed bugzilla reference.
- commit e56868b
- watchdog: diag288_wdt: do not use stack buffers for hardware
  data (bsc#1207497).
- commit f31eb64
- watchdog: diag288_wdt: fix __diag288() inline assembly
  (bsc#1207497).
- commit 2f246cf
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 64f6682
- libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
  (bsc#1204502 CVE-2022-3606).
- commit eef9e8d
- cifs: do not include page data when checking signature
  (bsc#1200217).
- commit 89d2457
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- Delete config/armv7hl/default.
- Delete config/armv7hl/lpae.
- commit 022c807
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
  (bsc#1207769).
- commit be9727c
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
  (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
  (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
  (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
  (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
  (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
  (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
  (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: Revert &quot;scsi: qla2xxx: Fix disk failure to rediscover&quot;
  (git-fixes).
- commit 25cb1e4
- dm thin: Use last transaction's pmd-&gt;root when commit failed
  (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
  (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
  devices (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
  (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
  (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
  (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
  (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
  (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
  (git-fixes).
- dm btree: add a defensive bounds check to insert_at()
  (git-fixes).
- commit 223b9c6
- nbd: Fix incorrect error handle when first_minor is illegal
  in nbd_dev_add (git-fixes).
- Refresh for the above change,
  patches.suse/0019-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch.
- commit 9c00c1c
- nbd: fix max value for 'first_minor' (git-fixes).
- Refresh for the above change,
  patches.suse/0012-nbd-fix-possible-overflow-for-first_minor-in-nbd_dev.patch.
- commit dd126a5
- dm space maps: don't reset space map allocation cursor when
  committing (git-fixes).
- dm verity: fix require_signatures module_param permissions
  (git-fixes).
- dm integrity: fix flush with external metadata device
  (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
  down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- nbd: make the config put is called before the notifying the
  waiter (git-fixes).
- nbd: restore default timeout when setting it to zero
  (git-fixes).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- commit 50ca764
- rbd: work around -Wuninitialized warning (git-fixes).
- Refresh for the above change,
  patches.suse/rbd-export-some-functions-used-by-lio-rbd-backend.patch.
- commit e923159
- blacklist.conf: add git-fixes commits which won't be backported
- commit 4601d33
- blacklist.conf: removing SCSI git-fix mistakenly added
  This fix was labelled as already present in our
  code base, but it was not.
- commit bcd8cfe
- scsi: pmcraid: Fix missing resource cleanup in error case
  (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
  (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
  (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
  during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
  (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
  (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
  (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
  (git-fixes).
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
  (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
  (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
  (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost-&gt;cmd_per_lun calculation in
  scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake &quot;Unsupport&quot; -&gt;
  &quot;Unsupported&quot; (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
  (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
  (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and
  running device (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device
  (git-fixes).
- scsi: sr: Return correct event when media event code is 3
  (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
  -ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
  (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
  list_for_each_entry() (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush
  (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback
  (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
  shift of u8 (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
  (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost-&gt;max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling
  IRQs (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through
  RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
  (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
  (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
  (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated
  irq (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS
  processing (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
  (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during
  reset (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
  (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
  (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens
  (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being
  disabled (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation
  commands (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
  suspend-to-disk -&gt;poweroff() (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
  (git-fixes).
- commit cf6a959
- scsi: ufs: Make sure clk scaling happens only when HBA is
  runtime ACTIVE (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by
  ufshcd_hold() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ
  (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
  (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered
  (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
  (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
  (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
  ufs_qcom_testbus_config() (git-fixes).
- commit 0335e79
- sctp: fail if no bound addresses can be used for a given scope
  (bsc#1206677).
- commit dcee4fd
- scsi: ufs: Clean up completed request without interrupt
  notification (git-fixes).
- Refresh
  patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully.
- commit 0e26434
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- commit 8d5e108
- scsi: ufs: Improve interrupt handling for shared interrupts
  (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts
  (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
  (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
  (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
  (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
  (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
  (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
  (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
  (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe()
  (git-fixes).
- scsi: core: free sgtables in case command setup fails
  (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during
  system resume (git-fixes).
- scsi: iscsi: Report unbind session event when the target has
  been removed (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
  connections (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read
  (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
  (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
  (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be &gt;= 0 (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
  SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
  (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
  (git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when
  the probe fails (git-fixes).
- commit e77b62a
- scsi: hisi_sas: Replace in_softirq() check in
  hisi_sas_task_exec() (git-fixes).
- Refresh patches.suse/scsi-hisi_sas-Remove-preemptible.
- commit ce7bed3
- blacklist.conf: add git-fixes to be skipped
- commit cb4a471
- netfilter: nft_payload: incorrect arithmetics when fetching
  VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 9fe77eb
- HID: check empty report_list in hid_validate_values()
  (git-fixes, bsc#1206784).
- commit 028641d
- HID: check empty report_list in bigben_probe() (git-fixes,
  bsc#1206784).
- commit c479b33
- HID: betop: check shape of output reports (git-fixes,
  bsc#1207186).
- commit f6860d6
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (CVE-2023-0266 bsc#1207134).
- commit 9014493
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 580597a
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
  CVE-2022-47929).
- commit e015217
- blacklist.conf: 461ab10ef7e6 (&quot;ceph: switch to vfs_inode_has_locks() to fix file lock bug&quot;)
- commit b165b65
- ceph: avoid putting the realm twice when decoding snaps fails
  (bsc#1207198).
- ceph: do not update snapshot context when there is no new
  snapshot (bsc#1207218).
- commit 2f13b5a
- ipv6: raw: Deduct extension header length in
  rawv6_push_pending_frames (bsc#1207168).
- commit ad4a091
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454).
- commit 88c4e72
- Update
  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207125 CVE-2023-23455).
- commit e595908
- SLE15-SP3 went to LTSS, hand over to L3
- commit c5e6bf0
- mm/memcg: optimize memory.numa_stat like memory.stat
  (bsc#1206663).
- commit d7619da
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
  (git-fixes).
- commit ebdddc5
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
  (bsc#1065729).
- commit da7ea39
- net: sched: atm: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 49dc51c
- net: sched: cbq: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 0726009
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 8b8572d
- Refresh
  patches.suse/btrfs-avoid-unnecessary-lock-and-leaf-splits-when-up.patch.
  For bsc#1206904, see:
  https://bugzilla.suse.com/show_bug.cgi?id=1206904#c6
- commit dfcd116
- README.BRANCH: Added myself as co-maintainer
  And drop Oscar's name.
- commit 0607a55
- ipv4: Handle attempt to delete multipath route when fib_info
  contains an nh reference (bsc#1204171 CVE-2022-3435).
- commit d2a1bb2
- net: ipv4: fix route with nexthop object delete warning
  (bsc#1204171 CVE-2022-3435).
- commit 51fb670
- module: avoid *goto*s in module_sig_check() (git-fixes).
- commit 95dc2c1
- module: merge repetitive strings in module_sig_check()
  (git-fixes).
- commit e890371
- module: set MODULE_STATE_GOING state when a module fails to load
  (git-fixes).
- commit bbf8a43
- modules: lockdep: Suppress suspicious RCU usage warning
  (git-fixes).
- commit a75abac
- module: Remove accidental change of module_enable_x()
  (git-fixes).
- commit c1799c7
- tracing: Verify if trace array exists before destroying it
  (git-fixes).
- commit 484ce03
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
  (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
  failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
  (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
  mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take &quot;mem=&quot; option into account
  (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
  (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
  (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
  a valid PE number (bsc#1065729).
- commit f1282a1
- blacklist.conf: Add reverted commit
- commit 1048706
- powerpc: Ensure that swiotlb buffer is allocated from low memory
  (bsc#1156395).
- commit 6657d5f
- powerpc/powernv: Avoid re-registration of imc debugfs directory
  (bsc#1156395).
- powerpc/book3s/mm: Update Oops message to print the correct
  translation in use (bsc#1156395).
- commit 1967b85
- powerpc/pseries/cmm: Implement release() function for sysfs
  device (bsc#1065729).
- commit eef87f7
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
  (bsc#1204989,bsc#1205601).
- commit b1fad8e
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
  git-fixes).
- powerpc/xive: Add a check for memory allocation failure
  (fate#322438 git-fixes).
- commit 2423c59
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- commit 5dff1e5
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- commit 822d824
- blacklist.conf: (&quot;arm64: lse: Fix LSE atomics with LLVM&quot;)
- commit 22e012e
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- commit 82f0058
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- commit 2d24fe0
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- commit 5f7b503
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- commit 3c56f93
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- commit 10890a5
- blacklist.conf: (&quot;arm64: fix alternatives with LLVM's integrated assembler&quot;)
- commit a642f3b
- blacklist.conf: (&quot;arm64: lse: fix LSE atomics with LLVM's integrated assembler&quot;)
- commit 76593cf
- blacklist.conf: (&amp;quot;/arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator&amp;quot;/)
- commit 1caef50
- Refresh
  patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
  Update commit log to prevent patch and quilt from thinking it should apply the
  example hunks and fail.
- commit 78fab3f
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 75c0f21
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
  display (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf-&gt;pages
  have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
  (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
  (git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
  (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
  (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
  (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
  (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
  private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
  pnfs_layout_process() (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when
  freeing the inode (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0
  source (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation
  (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
  delegation recall (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- NFS: nfs_xdr_status should record the procedure name
  (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
  (git-fixes).
- sunrpc: check that domain table is empty at module unload
  (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- SUNRPC: Don't start a timer on an already queued rpc task
  (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
  (git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
  fails (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4: Fix races between open and dentry revalidation
  (git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash()
  (git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- commit 5b3ba89
- memcg, kmem: further deprecate kmem.limit_in_bytes
  (bsc#1206896).
- commit c8d19aa
- blacklist.conf: blacklist 6fcbcec9cfc7
- commit de669f1
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- commit b310aa7
- blacklist.conf: (&quot;arm64: dts: ls1028a: fix typo in TMU calibration data&quot;)
- commit 716a28c
- blacklist.conf: (&quot;arm64: Validate tagged addresses in access_ok() called from kernel&quot;)
- commit 9dd7e12
- blacklist.conf: (&quot;arm64: insn: consistently handle exit text&quot;)
- commit f816334
- blacklist.conf: blacklist 5c099c4fd
- commit 5b0fa49
- blacklist.conf: blacklist c3497fd009ef
- commit 359f3b8
- blacklist.conf: blacklist c915fb80eaa
- commit 02b35f9
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit b1bfe2a
- ext4: fix uninititialized value in 'ext4_evict_inode'
  (bsc#1206893).
- commit ff976a4
- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit 140cef5
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit 0696f69
- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit 8d66379
- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 027bd53
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 5134642
- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1206886).
- commit 7d14bba
- Update tags in
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b651ac6
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit f8a1109
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 100f2b7
- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit 05e8ed4
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit 1b01bae
- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth &gt; 0 (bsc#1206881).
- commit f1f3d4f
- blacklist.conf: blacklist 613c5a85898d
- commit 48dfb5e
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit f96243f
- blacklist.conf: blacklist b24e77ef1c6d
- commit 7ecc9d3
- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit b931654
- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit fde0a78
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit a4c76a4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit ecac58a
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit 35c3734
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit 4ca9666
- ext4: correct the error path of ext4_write_inline_data_end()
  (bsc#1206875).
- commit 9ad9468
- blacklist.conf: blacklist 5dccdc5a1916
- commit 8417a93
- blacklist.conf: blacklist efc61345274d
- commit 8078536
- blacklist.conf: blacklist 5a3b590d4b2d
- commit 5590cb0
- ext4: Detect already used quota file early (bsc#1206873).
- commit 0136eeb
- blacklist.conf: Blacklist 0f5bde1db174
- commit 66ece1b
- blacklist.conf: blacklist f25391ebb475
- commit b3ab927
- ext4: avoid race conditions when remounting with options that
  change dax (bsc#1206860).
  Refresh patches.suse/ext4-dont-warn-when-enabling-DAX.patch
- commit 89b7d84
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit ce185e4
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- commit c933ca2
- blacklist.conf: blacklist a17a9d935dc4
- commit 267ec30
- ext4: use matching invalidatepage in ext4_writepage
  (bsc#1206858).
- commit 9adbb3f
- ext4: mark block bitmap corrupted when found instead of BUGON
  (bsc#1206857).
- commit 0b7c7d5
- ext4: fix a data race at inode-&gt;i_disksize (bsc#1206855).
- commit 6032d35
- ext4: choose hardlimit when softlimit is larger than hardlimit
  in ext4_statfs_project() (bsc#1206854).
- commit 1fdf2d9
- blacklist.conf: blacklist 4068664e3cd2
- commit 3a30037
- blacklist.conf: Add active memory.high throttling fixups
- d397a45fc741 mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- e26733e0d0ec mm, memcg: throttle allocators based on ancestral memory.high
- 9b8b17541f13 mm, memcg: do not high throttle allocators based on wraparound
- commit 0508c0b
- sched/psi: Fix sampling error and rare div0 crashes with
  cgroups and high uptime (bsc#1206841).
- commit d518fcd
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
  and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
  attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
  congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
  members and padding (jsc#PED-1445).
- commit 76decfc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha-&gt;unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha-&gt;iocb_work initialization
  (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
  (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
  (jsc#PED-568).
- commit b04c714
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 47ec098
- powerpc/pseries/eeh: use correct API for error log size
  (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
  (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
  (bsc#1065729).
- commit 3405c6d
- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit 3d8dab2
- Fix kABI breakage in usb.h: struct usb_device:
  hide new member (bsc#1206664 CVE-2022-4662).
- commit a53ec27
- USB: core: Prevent nested device-reset calls (bsc#1206664
  CVE-2022-4662).
- commit 2d03a85
- drm: mali-dp: potential dereference of null pointer
  (CVE-2022-3115 bsc#1206393).
- commit 9246c67
- wifi: wilc1000: validate pairwise and authentication suite
  offsets (CVE-2022-47520 bsc#1206515).
- commit 10a48d9
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit cecc04a
- media: meson: vdec: potential dereference of null pointer
  (CVE-2022-3112 bsc#1206399).
- commit 32c7d25
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit 5495793
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit a5136f0
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 81eb278
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 2ff0ceb
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- commit 6d30f6e
- udf: Fix NULL pointer dereference in udf_symlink function
  (bsc#1206646).
- commit aa42b50
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit a3bf788
- udf: fix the problem that the disc content is not displayed
  (bsc#1206644).
- commit baed6fa
- udf: Limit sparing table size (bsc#1206643).
- commit 10a39e1
- udf: Avoid accessing uninitialized data on failed inode read
  (bsc#1206642).
- commit 8c98e30
- udf: Fix free space reporting for metadata and virtual
  partitions (bsc#1206641).
- commit 0743d18
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit f8fb63e
- blacklist.conf: Blacklist dd5532a4994b
- commit 836bdfa
- blacklist.conf: Blacklist dfc2d2594e4a
- commit dd5297d
- blacklist.conf: Blacklist f4c2d372b89a
- commit fc7d11b
- ext4: iomap that extends beyond EOF should be marked dirty
  (bsc#1206637).
- commit e1b2dad
- blacklist.conf: Blacklist 02f03c4206c1
- commit bb8f69f
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- commit 9374be1
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 5e80ff2
- lib/notifier-error-inject: fix error when writing -errno to
  debugfs file (bsc#1206634).
- commit dea9978
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (bsc#1206634).
- commit 2504e98
- blacklist.conf: Blacklist 9066e151c379
- commit 966d217
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 008171d
- struct usbnet: move new members to end (git-fixes).
- commit f647bb2
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- Refresh
  patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6bb9cb6
- blacklist.conf: (&quot;arm64: dts: armada-3720-turris-mox: add firmware node&quot;)
- commit 77ea716
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- commit 954a96f
- blacklist.conf: (&quot;crypto: arm64/aes-neonbs - add return value of skcipher_walk_done()&quot;)
- commit 8dcdb26
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- commit c3c7089
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- commit ae4388c
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 47e48bc
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 3b1fc33
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 1dc7c8f
- commit 71ea896
- Update
  patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
  (CVE-2022-3105 bsc#1206398 git-fixes).
- commit 66cd628
- Update
  patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
  (CVE-2022-3108 bsc#1206389 git-fixes).
- commit 7c181a5
- RDMA/uverbs: Check for null return of kmalloc_array
  (CVE-2022-3105 bsc#1206398 git-fixes).
- commit 73b6bff
- Update
  patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
  (jsc#SLE-16683 CVE-2022-3106 bsc#1206397).
- commit 3e8cb15
- Update
  patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
  (CVE-2022-3107 bsc#1206395 git-fixes).
- commit d5698e3
- Update
  patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
  (CVE-2022-3111 bsc#1206394 git-fixes).
- commit 2ff0fd7
- blacklist.conf: cosmetic, does not fix a bug
- commit c7bc28a
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
  (git-fixes).
- commit 4972874
- tracing: Free buffers when a used dynamic event is removed
  (git-fixes).
- commit 3703499
- tracing/dynevent: Delete all matched events (git-fixes).
- commit dcf29de
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
  (git-fixes).
- commit 6ce4166
- blacklist.conf: Risky, requires reworking of mempolicies
- commit e11ba4b
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit 8dbcec6
- mm, page_alloc: avoid expensive reclaim when compaction may
  not succeed (bsc#1204250).
- commit f800975
- afs: Fix some tracing details (git-fixes).
- commit 161393a
- blacklist.conf: cosmetic fix
- commit 39c4f5a
- usb: host: xhci-hub: fix extra endianness conversion
  (git-fixes).
- commit 3574ccc
- memcg: Fix possible use-after-free in
  memcg_write_event_control() (bsc#1206344).
- commit d0798c9
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- commit 2e9f75b
- net: mana: Fix race on per-CQ variable napi work_done
  (git-fixes).
- commit 935369b
- Update patches.suse/drm-amd-display-memory-leak.patch
  (CVE-2019-19083 bsc#1157049 bnc#1151927 5.3.8).
  Update the metadata of this patch and in particular its commit ID.
  This fix was committed twice upstream, and we used one commit ID in
  all branches except SLE15-SP3 where we use the other one. Align this
  branch with what was done in all other branches. Benefits:
  * No need to blacklist the other commit ID as it was never mentioned
  in stable trees.
  * Minimize the differences between branches to lower the risk of merge
  conflicts.
  I verified that the resulting source tree is exactly the same before
  and after this change.
- commit 27c76af
- Rename 0001-drm-amd-display-memory-leak.patch
  Use the same name as in all other branches for consistency.
- commit 9d96a87
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 6426714
- proc: proc_skip_spaces() shouldn't think it is working on C
  strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
  (CVE-2022-4378 bsc#1206207).
- commit 1e50bbf
- ext4: Fixup pages without buffers (bsc#1205495).
- commit ad24b58
- kbuild: Unify options for BTF generation for vmlinux and modules
  (bsc#1204693).
- Refresh
  patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch.
- commit 5bc49fe
- fuse: lock inode unconditionally in fuse_fallocate()
  (bsc#1206179).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- cuse: prevent clone (bsc#1206177).
- fuse: fix the -&gt;direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: update attr_version counter on fuse_notify_inval_inode()
  (bsc#1206175).
- fuse: don't check refcount after stealing page (bsc#1206174).
- commit 8cb708c
- Refresh
  patches.kabi/kABI-remove-new-member-of-usbip_device.patch.
- commit bf09767
- Refresh
  patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
  Fix up after merge from cve/5.3. The patch can be closer to upstream in
  15sp3 as we have more than in the cve branch.
- commit 344ce75
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
  resume from S3 (bsc#1206037).
- commit df768bd
- xen/netback: don't call kfree_skb() with interrupts disabled
  (bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 18b6c2b
- xen/netback: Ensure protocol headers don't fall in the
  non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit ef1bd8e
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
  is &quot;&quot;
- commit dce5fa8
- Rename colliding patches before the next cve/linux-5.3 -&gt; SLE15-SP3 merge
- commit ff0c181
- docs/kernel-parameters: Update descriptions for &quot;mitigations=&quot;
  param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
  bsc#1203271 bsc#1206032).
- commit 012ee9f
- Update
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
  bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
  Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit f959a8e
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- commit 2043e6b
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: lockdep annotations for try_nonblocking_invalidate
  (bsc#1205988).
- ceph: request Fw caps before updating the mtime in
  ceph_write_iter (bsc#1205987).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
  (bsc#1205986).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- commit 3a3eff6
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 1cb9473
- io_uring/af_unix: defer registered files gc to io_uring release
  (bsc#1204228 CVE-2022-2602).
- commit fee5862
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
  (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs
  (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
  fails (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device()
  (git-fixes).
- commit fdf27d9
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- commit 482b418
- block: Do not reread partition table on exclusively open device
  (bsc#1190969).
- commit 1d888c0
- atm: idt77252: fix use-after-free bugs caused by tst_timer
  (CVE-2022-3635 bsc#1204631).
- commit 81a86f3
- Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631)
- commit f11d21c
- Move upstreamed i915 patch into sorted section
- commit 4f7c541
- net: ethernet: renesas: ravb: Fix promiscuous mode after system
  resumed (git-fixes).
- wifi: mac8021: fix possible oob access in
  ieee80211_get_rate_duration (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison
  (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev()
  (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing
  free_sja1000dev() (git-fixes).
- commit c233552
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
  (git-fixes).
- commit a2d69de
- xen/privcmd: Corrected error handling path (git-fixes).
- commit 9273ea4
- blacklist.conf: add 5c13a4a0291b3019
- commit f414b37
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit d068003
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
  (git-fixes).
- commit 310f73b
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit e66563b
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu&gt;=32
  (git-fixes).
- commit 2026fbd
- blacklist.conf: add e8240addd0a39
- commit c8fea7d
- blacklist.conf: add 0f4558ae91870
- commit 1f46313
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit b1da831
- xen/pcpu: fix possible memory leak in register_pcpu()
  (git-fixes).
- commit 7bcfa5e
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit df9a18a
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
  Fix metadata
- commit b7e4dba
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit 5c64258
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
  git-fixes).
- commit 390f969
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit d1d28ba
- xen-netback: correct success/error reporting for the
  SKB-with-fraglist case (git-fixes).
- commit 26320ba
- xen/balloon: use a kernel thread instead a workqueue
  (git-fixes).
- commit cb178a9
- arm/xen: Don't probe xenbus as part of an early initcall
  (git-fixes).
- commit 6b23717
- x86/xen: Add xen_no_vector_callback option to test PCI INTX
  delivery (git-fixes).
- commit c3e71c4
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
  patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit b773587
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit f009c3f
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc41a1f
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- commit 9eafa9a
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
  (git-fixes).
- commit a448c92
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
  grant status (git-fixes).
- commit eda3b54
- xenbus: req-&gt;err should be updated before req-&gt;state
  (git-fixes).
- commit b68f2a5
- xenbus: req-&gt;body should be updated before req-&gt;state
  (git-fixes).
- commit 43d862b
- x86/xen: Distribute switch variables for initialization
  (git-fixes).
- commit 0f71692
- xen/balloon: fix ballooned page accounting without hotplug
  enabled (git-fixes).
- commit e768449
- xen-blkback: prevent premature module unload (git-fixes).
- commit 55eaccd
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- commit 5b34629
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- commit 48c193f
- USB: serial: option: remove old LARA-R6 PID.
- commit 50cfc4c
- USB: serial: option: add Fibocom FM160 0x0111 composition
  (git-fixes).
- commit 3cf3877
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- commit 6ac2249
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit 774f54f
- drm/i915: fix TLB invalidation for Gen12 video and compute
  engines (CVE-2022-4139 bsc#1205700).
- commit 58aaa10
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
  Taken from v10 patch in char-misc subsystem tree
- commit 09cd28d
- blacklist.conf: duplicate
- commit 468555e
- blacklist.conf: cosmetic fix
- commit a8e199d
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bc1c359
- rndis_host: increase sleep time in the query-response loop
  (git-fixes).
- commit 1a77104
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
  switch (git-fixes).
- commit 43cdbc4
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
  CVE-2022-41850).
- commit 3bef7b9
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- v3 of &quot;PCI: hv: Only reuse existing IRTE allocation for Multi-MSI&quot;
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- commit e4d40ab
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 9a43bb4
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher
  than input clock (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition
  (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- commit acc3c71
- iio: core: Fix entry not deleted when
  iio_register_sw_trigger_type() fails (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies
  (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
  (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw
  (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain
  (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak
  in regulator_register() (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
  (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
  (git-fixes).
- Input: iforce - invert valid length check when fetching device
  IDs (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter
  (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
  (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
  omap8250_remove() (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
  (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- misc/vmw_vmci: fix an infoleak in
  vmci_host_do_receive_datagram() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
  at91_adc_allocate_trigger() (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value
  limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in
  iio_sysfs_trig_init() (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing
  pci_dev_put() (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by
  CD# debounce timeout (git-fixes).
- mmc: core: properly select voltage range without power cycle
  (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
  (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- commit d87f9df
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
  (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init()
  (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
  (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from
  snd_usbmidi_output_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
  (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node'
  (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
  (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568
  (git-fixes).
- drm/imx: imx-tve: Fix return type of
  imx_tve_connector_mode_valid (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake &quot;Sourc&quot; -&gt; &quot;Source&quot;,
  &quot;Routee&quot; -&gt; &quot;Route&quot; (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume
  (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl
  (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit
  (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
  (git-fixes).
- ASoC: wm8997: Revert &quot;ASoC: wm8997: Fix PM disable depth
  imbalance in wm8997_probe&quot; (git-fixes).
- ASoC: wm5110: Revert &quot;ASoC: wm5110: Fix PM disable depth
  imbalance in wm5110_probe&quot; (git-fixes).
- ASoC: wm5102: Revert &quot;ASoC: wm5102: Fix PM disable depth
  imbalance in wm5102_probe&quot; (git-fixes).
- commit 27fe82f
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- commit 25c2f2d
- Refresh
  patches.suse/nfsd4-fix-NULL-dereference-in-nfsd-clients-display-c.patch.
- Delete patches.suse/nfsd-show_open-NULL-deref.patch.
  These patches are for the same git commit, so merging.
  &quot;return SEQ_SKIP&quot; is changed to &quot;return 0&quot; to match
  upstream.  Difference is only important if some content
  has already been generated.  In that case SEQ_SKIP discards it
  and 0 leaves it.  Here we haven't generated any content.
  bsc#1205753
- commit 4d06f59
- l2tp: Serialize access to sk_user_data with sk_callback_lock
  (bsc#1205711 CVE-2022-4129).
- commit add2103
- net: fix a concurrency bug in l2tp_tunnel_register()
  (bsc#1205711 CVE-2022-4129).
- commit ced1fd6
- Drop incorrectly doubly applied patches for brcmfmac and vc4 (bsc#1205753)
- commit 5941245
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- commit 7b66fa8
- blacklist.conf: kvm_arch_no_poll() is called only once already
- commit 3bc62c2
- KVM: s390: pv: don't allow userspace to set the clock under PV
  (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
  (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- commit 76c25b0
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
  SPSM (CVE-2022-42896 bsc#1205709).
- commit fc4b67c
- Update patch reference for Bluetooth fix (CVE-2022-42895 bsc#1205705)
- commit 0d77342
- blacklist.conf: Unnecessary build config fix.
- commit 68959f0
- scsi: zfcp: Fix double free of FSF request when qdio send fails
  (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- commit 55df511
- iwlwifi: dbg: disable ini debug in 9000 family and below
  (git-fixes).
- commit 152ef40
- blacklist.conf: kABI
- commit 509fe6c
- blacklist.conf: kABI
- commit 8bad736
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
  CVE-2022-41858).
- commit dd6f85a
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
  (git-fixes).
- commit cac2314
- md: Replace snprintf with scnprintf (git-fixes).
- Replaced the in-house patch by the above upstream patch,
  patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit 8c3cff2
- dm raid: fix address sanitizer warning in raid_resume
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_status
  (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
  (git-fixes).
- dm thin: fix use-after-free crash in
  dm_sm_register_threshold_callback (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm raid: fix accesses beyond end of raid member array
  (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
  (git-fixes).
- dm era: commit metadata in postsuspend after worker stops
  (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector
  (git-fixes).
- dm integrity: set journal entry unused when shrinking device
  (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device
  when shrinking (git-fixes).
- dm writecache: return the exact table values that were set
  (git-fixes).
- commit e0e374e
- dm: fix request-based DM to not bounce through indirect
  dm_submit_bio (git-fixes).
- Refresh for the above change,
  patches.suse/blk-mq-clear-stale-request-in-tags-rq-before-freeing.patch.
- commit 259862c
- dm: remove special-casing of bio-based immutable singleton
  target on NVMe (git-fixes).
- commit 31a00a1
- blacklist.conf: add non-backport git-fixes commit
- commit 42c7406
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit 3d5973a
- NFSD: Cap rsize_bop result based on send buffer size
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
  (bsc#1205128 CVE-2022-43945).
- commit e93318a
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 99fc524
- add another bug reference to some hyperv changes (bsc#1205617).
- commit b575115
- blacklist.conf: cleanup
- commit b0b46b5
- media: vim2m: initialize the media device earlier (git-fixes).
- commit c5af813
- media: vivid: fix assignment of dev-&gt;fbuf_out_flags (git-fixes).
- commit 2431c97
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- commit 95d4e3d
- staging: greybus: light: fix a couple double frees (git-fixes).
- commit 58bdfb3
- blacklist.conf: duplicate
- commit 3dd1632
- tracing: Fix wild-memory-access in register_synth_event()
  (git-fixes).
- commit 7dac608
- ftrace: Fix null pointer dereference in ftrace_add_mod()
  (git-fixes).
- commit 4244693
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 464f48f
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit c7550d0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit 47e4dec
- ring-buffer: Include dropped pages in counting dirty patches
  (git-fixes).
- commit 284d26b
- tracing/ring-buffer: Have polling block on watermark
  (git-fixes).
- commit d2a2e4f
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit b801309
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- commit 3c8b93e
- powerpc/boot: Explicitly disable usage of SPE instructions
  (bsc#1156395).
- commit 0bc0054
- blacklist.conf: Add fixes for unsupported platforms
- commit 27bff58
- Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514)
- commit 8075958
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
  bsc#1205514).
- commit d8c38e0
- ipv6: Fix data races around sk-&gt;sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 12fec90
- ipv6: annotate some data-races around sk-&gt;sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 3b01230
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT
  for L1 (git-fixes).
- commit d56f1ae
- KVM: nVMX: Validate the EPTP when emulating
  INVEPT(EXTENT_CONTEXT) (git-fixes).
- commit 26dc9e3
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- commit 2f5ac01
- blacklist.conf: add 514ccc194971d0 (&quot;x86/kvm: fix a missing-prototypes
  &quot;vmread_error&quot;&quot;)
- commit c73c5e6
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec
  support (git-fixes).
- commit 038458a
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls
  only when apicv is globally disabled (git-fixes).
- commit c95874c
- mISDN: fix misuse of put_device() in mISDN_register_device()
  (git-fixes).
- commit fea2547
- x86/speculation: Disable RRSBA behavior (bsc#1201455
  CVE-2022-28693).
- commit 1c08940
- net: thunderbolt: Fix error handling in tbnet_init()
  (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
  (git-fixes).
- commit d89f3be
- Move upstreamed fbdev fix into sorted section
- commit c2656f7
- pinctrl: devicetree: fix null pointer dereferencing in
  pinctrl_dt_to_map (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add()
  (git-fixes).
- ata: libata-transport: fix double ata_host_put() in
  ata_tport_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of
  dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
  (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in
  case of errors (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level
  (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
  (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message
  (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf
  (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
  vc4_drm_register() (git-fixes).
- hamradio: fix issue of dev reference count leakage in
  bpq_device_event() (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file()
  (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- capabilities: fix undefined behavior in bit shift for
  CAP_TO_MASK (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes
  (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
  (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration
  (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device()
  (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing
  the device (git-fixes).
- media: venus: dec: Handle the case where find_format fails
  (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
  (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
  (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
  (git-fixes).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
  (git-fixes).
- commit 87c5230
- usbip: usbip_event: use global lock (git-fixes).
- commit dfdff40
- usbip: synchronize event handler with sysfs code paths
  (git-fixes).
- commit 02e148d
- usbip: vudc_sysfs: use global lock (git-fixes).
- commit 0d41db9
- usbip: vudc synchronize sysfs code paths (git-fixes).
- commit 436bc70
- usbip: stub_dev: remake locking for kABI (git-fixes).
- commit 9d2c460
- kABI: remove new member of usbip_device (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths
  (git-fixes).
- commit a40ec71
- blacklist.conf: kABI
- commit 304049d
- blacklist.conf: kABI
- commit 18d7f9f
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit b0b38c0
- blacklist.conf: too intrusive
- commit c4ba71f
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 84f9a38
- blacklist.conf: inapplicable
- commit f1ebd1d
- vmlinux.lds.h: Fix placement of '.data..decrypted' section
  (git-fixes).
- commit 8070192
- x86/microcode/AMD: Apply the patch early on every logical thread
  (bsc#1205264).
- commit 761173c
- kabi: fix transport_add_device change (git-fixes).
- commit 9ff4597
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
  (bsc#1205428 LTC#200501).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
  copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
  and __strnlen_user() (bsc#1205428 LTC#200501).
- commit 402d4fe
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
  (git-fixes).
- scsi: drivers: base: Propagate errors through the transport
  component (git-fixes).
- scsi: drivers: base: Support atomic version of
  attribute_container_device_trigger (git-fixes).
- commit 7f6d450
- blacklist.conf: skip git-fix that is too invasive
- commit e017099
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
  (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
  (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- blk-mq: don't create hctx debugfs dir until q-&gt;debugfs_dir is
  created (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
  (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment
  queue limits (git-fixes).
- virtio_blk: eliminate anonymous module_init &amp; module_exit
  (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
  is zero (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function
  bio_copy_kern (git-fixes).
- block: use &quot;unsigned long&quot; for blk_validate_block_size()
  (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
  (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- block: ataflop: fix breakage introduced at blk-mq refactoring
  (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
  (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
  (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly
  (git-fixes).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- commit 3b9349e
- Update references of
  patches.suse/s390-pci-add-missing-EX_TABLE-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser
  (bsc#1205428 LTC#200501).
- commit b4aa54c
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- commit 2be09ac
- blacklist.conf: (&quot;arm64: topology: move store_cpu_topology() to shared code&quot;)
- commit 68eedfd
- blacklist.conf: (&quot;arm64: topology: fix possible overflow in amu_fie_setup()&quot;)
- commit 4b45d2c
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
  Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default.
  Update patches.suse/KVM_arm64_Add-templates-for-BHB-mitigation-sequences.patch
  And refresh kABI patch.
- commit 543771f
- Drop NVMeoF support for TP 8013 &amp; 8014 (bsc#1192761 bsc#1204827)
  The kernel side for the TP 8013 and 8014 support was added before we
  finished implementing the feature support in nvme-cli in 2.x.
  As it turns out, the rather old base version of nvme-cli would require
  completely re-implementing the support for these features for the 1.x
  branch.
  As SP3 is nearing the end of its active update cycle, we decided
  against updating the nvme-cli package, hence these patches for the
  kernel are not needed. In fact they introduce a regression due to the
  nvme-cli package not being able to handle the new API correctly. So let's
  remove these patches as there is no user for them.
- Refresh patches.suse/nvme-add-iopolicy-module-parameter.patch.
- Delete patches.kabi/kabi-fix-nvme-subsystype-change.patch.
- Delete patches.suse/nvme-Add-connect-option-discovery.patch.
- Delete
  patches.suse/nvme-add-CNTRLTYPE-definitions-for-identify-controll.patch.
- Delete
  patches.suse/nvme-add-new-discovery-log-page-entry-definitions.patch.
- Delete patches.suse/nvme-display-correct-subsystem-NQN.patch.
- Delete
  patches.suse/nvme-expose-subsystem-type-in-sysfs-attribute-subsys.patch.
- Delete patches.suse/nvmet-add-nvmet_is_disc_subsys-helper.patch.
- Delete patches.suse/nvmet-add-nvmet_req_subsys-helper.patch.
- Delete
  patches.suse/nvmet-don-t-check-iosqes-iocqes-for-discovery-contro.patch.
- Delete patches.suse/nvmet-make-discovery-NQN-configurable.patch.
- Delete
  patches.suse/nvmet-register-discovery-subsystem-as-current.patch.
- Delete
  patches.suse/nvmet-set-CNTRLTYPE-in-the-identify-controller-data.patch.
- Delete patches.suse/nvmet-switch-check-for-subsystem-type.patch.
- commit 65fe080
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
  (git-fixes).
- commit 3521cb1
- v3 of &quot;PCI: hv: Only reuse existing IRTE allocation for Multi-MSI&quot; (bsc#1200845)
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- PCI: hv: Fix typo (bsc#1204446).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Revert &quot;scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()&quot; (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- commit 5f3eadd
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- commit 199a84c
- netfilter: nfnetlink_osf: fix possible bogus match in
  nf_osf_find() (bsc#1204614).
- commit e9ccbaa
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
  a V0.96 controller (git-fixes).
- commit 9593f85
- blacklist.conf: add some git-fixes commits which won't be backported
- commit 19d26a3
- media: mceusb: Use new usb_control_msg_*() routines
  (CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
  bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
  bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
  (CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
  (CVE-2022-3903 bsc#1205220).
- commit 575009a
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 1da3c8a
- Refresh sorted patches.
- commit 759ab14
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
  (bsc#1156395).
- commit 6ad0462
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- commit 3de57a1
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
  Refresh to upstream version of patch.
- commit 381d74e
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- commit b1a7e6a
- scsi: ibmvfc: Avoid path failures during live migration
  (bsc#1065729 bsc#1204810 ltc#200162).
- commit 617a752
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
  This new form was added in commit b8c86872d1dc (riscv: fix detection of
  toolchain Zicbom support).
- commit e9f2ba6
- ring-buffer: Check for NULL cpu_buffer in
  ring_buffer_wake_waiters() (git-fixes).
- commit f0e9f4a
- r8152: Add MAC passthrough support to new device (git-fixes).
- commit 2c0b0e4
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- s390/ptrace: return -ENOSYS when invalid syscall is supplied
  (git-fixes).
- Refresh
  patches.suse/s390-ptrace-pass-invalid-syscall-numbers-to-tracing.
- commit 49c6928
- s390/pci: add missing EX_TABLE entries to
  __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
  pavgroup (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot
  (git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
  hugepages (bsc#1203144 LTC#199881).
- s390: fix double free of GS and RI CBs on fork() failure
  (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
  ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
  (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
  (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
  (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
  (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure
  (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
  (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- commit 2fade04
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- commit 114228e
- xfs: tail updates only need to occur when LSN changes
  (git-fixes).
- commit 9d404a5
- xfs: factor common AIL item deletion code (git-fixes).
- commit b1771cc
- xfs: Throttle commits on delayed background CIL push
  (git-fixes).
- commit e58ad94
- xfs: Lower CIL flush limit for large logs (git-fixes).
- commit 66c16cf
- xfs: Use scnprintf() for avoiding potential buffer overflow
  (git-fixes).
- commit 1495b79
- xfs: check owner of dir3 blocks (git-fixes).
- commit cb50471
- xfs: xfs_buf_corruption_error should take __this_address
  (git-fixes).
- commit 840c497
- xfs: rework collapse range into an atomic operation (git-fixes).
- commit cfa7b45
- xfs: rework insert range into an atomic operation (git-fixes).
- commit a96f43c
- xfs: open code insert range extent split helper (git-fixes).
- commit f1b0ddb
- blacklist.conf: ignore unapplicable rdma patches
- commit 38abdf0
- Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch
  to upstream version.
- commit bb3e9b2
- NFSv3: use nfs_add_or_obtain() to create and reference inodes
  (bsc#1204215).
- Refresh
  patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch.
- commit d9aeac3
- NFS: Refactor nfs_instantiate() for dentry referencing callers
  (bsc#1204215).
- Refresh
  patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch.
- commit 50b85ce
- Update patch references to
  patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
  (bsc#1200692 CVE-2022-33981).
- commit 2a514c4
- wifi: brcmfmac: Fix potential buffer overflow in
  brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit c0bd14a
- selftests/livepatch: better synchronize test_klp_callbacks_busy
  (bsc#1071995).
- commit 5cc1f06
- blacklist.conf: livepatch: 32-bit only
- commit ed4af6c
- livepatch: Add a missing newline character in
  klp_module_coming() (bsc#1071995).
- commit cbc1bb8
- livepatch: fix race between fork and KLP transition
  (bsc#1071995).
- commit ed70923
- workqueue: don't skip lockdep work dependency in
  cancel_work_sync() (bsc#1204967).
- commit d7d8431
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit e027fbe
- scsi: qla2xxx: Use transport-defined speed mask for
  supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
  (bsc#1204963).
- commit 2f0e70b
- usb: dwc3: qcom: fix runtime PM wakeup.
- commit 770ebb2
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
  (git-fixes).
- commit 1b57243
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- commit 16527ab
- blacklist.conf: cleanup
- commit a1ca722
- printk: use atomic updates for klogd work (bsc#1204934).
- commit 60be5fc
- printk: add missing memory barrier to wake_up_klogd()
  (bsc#1204934).
- commit 270aa51
- blacklist.conf: this patch implements a feature implied, but not
  implemented
- commit d863db7
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- commit b825ac2
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- commit 2d07106
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- commit 0dbe04a
- blacklist.conf: workqueue: put back cancel_work(); would be needed
  only when backporting recent amdgpu stuff
- commit 9a9dea9
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- commit 8229886
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for
  transceiver info (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect
  (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
  debugfs (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is
  turned off (bsc#1204957).
- scsi: lpfc: Fix spelling mistake &quot;unsolicted&quot; -&gt; &quot;unsolicited&quot;
  (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- commit 641ed8b
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- commit 9c6ee14
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- commit 23d84da
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- commit 1db7560
- blacklist.conf: Ignore build fixes for crypto selftest config
  Build fixes for crypto selftest with CRYPTO_MANAGER_DISABLE_TESTS!=y
  and CRYPTO=m
- commit 423d58a
- RDMA/mlx5: Use different doorbell memory for different processes (git-fixes)
  Refresh:
  - patches.suse/RDMA-mlx5-Remove-unused-parameter-udata.patch
- commit fd05a52
- Update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
  (bsc#1204693).
- commit 26595bd
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- commit 293bf91
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- commit f7baf6a
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- commit d355c79
- RDMA/rxe: Fix the error caused by qp-&gt;sk (git-fixes)
- commit 6d0ef48
- RDMA/rxe: Fix &quot;kernel NULL pointer dereference&quot; error (git-fixes)
- commit 9205fa0
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- commit 7daf160
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- commit 7890ffd
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit cc2cd02
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- commit 4332868
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- commit 19e84c3
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- commit db88b1b
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- commit c8db39b
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- commit e28b8f5
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- commit 4c36066
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- commit 3ec31d2
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- commit 26de3e3
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- commit 9d4253b
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- commit 92bff10
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- commit e806a5b
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- commit 709fd3a
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- commit 121ed63
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- commit 1408298
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- commit 8a4119a
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- commit f1870dd
- RDMA/mlx4: Return missed an error if device doesn't support steering (git-fixes)
- commit 53e12a2
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- commit 3389a3f
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- commit a3b0ded
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- commit 12260f5
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7c89c4a
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- commit 1259749
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- commit b499161
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- commit 74e3ed2
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 858283b
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- commit 47de10e
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- commit 385ff05
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 2498525
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- commit 96f828c
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- commit 49315d8
- RDMA/rxe: Don't overwrite errno from ib_umem_get() (git-fixes)
- commit dc6482e
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- commit 4b744b6
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- commit b0c4366
- RDMA/rxe: Remove unused pkt-&gt;offset (git-fixes)
- commit 2e0cf31
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- commit 8d71bad
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- commit 2b87978
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- commit 6f47c39
- RDMA/rxe: Fix failure during driver load (git-fixes)
- commit bb23773
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- commit 1ebcca8
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- commit 242d271
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- commit 1421a09
- RDMA: Verify port when creating flow rule (git-fixes)
- commit 75b7985
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- commit c3aa778
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- commit 097d131
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- commit 8811d6a
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- commit e6dae53
- RDMA/cxgb4: Remove MW support (git-fixes)
- commit d49ea58
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- commit fdca7b3
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- commit 289115b
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- commit ad98a0c
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- commit cda973b
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- commit 0c97417
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- commit dd6c131
- Rename colliding patches before the next cve/linux-5.3 -&gt; SLE15-SP3 merge
- commit a77f876
- kbuild: remove the target in signal traps when interrupted
  (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- commit d17022d
- blacklist.conf: Unnecessary S390 ARCHITECTURE fixes.
- commit 8f1bd85
- kbuild: Add skip_encoding_btf_enum64 option to pahole
  (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
  (jsc#SLE-24559).
- commit 7b939ad
- fbdev: cyber2000fb: fix missing pci_disable_device()
  (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI
  (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- commit 77773fb
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit d4a892d
- tracing: Do not free snapshot if tracer is on cmdline
  (git-fixes).
- commit 44c0d5c
- tracing: Simplify conditional compilation code in
  tracing_set_tracer() (git-fixes).
- commit 030e84d
- ring-buffer: Fix race between reset page and reading page
  (git-fixes).
- commit 500d3d5
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit 3f63b61
- tracing: Add ioctl() to force ring buffer waiters to wake up
  (git-fixes).
- commit 1ac3e72
- tracing: Wake up ring buffer waiters on closing of the file
  (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit ee58509
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit daffb44
- ring-buffer: Check pending waiters when doing wake ups as well
  (git-fixes).
- commit 8618e02
- ring-buffer: Have the shortest_full queue be the shortest not
  longest (git-fixes).
- commit ebf21e7
- ring-buffer: Allow splice to read previous partially read pages
  (git-fixes).
- commit 81e9520
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- commit e2b6a1c
- tracing: Disable interrupt or preemption before acquiring
  arch_spinlock_t (git-fixes).
- commit 75ec285
- device property: Fix documentation for *_match_string() APIs
  (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states
  (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle
  (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card
  (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config
  (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
  (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
  (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges
  (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges
  (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
  (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion
  (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing
  put_clock() in error path (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check
  'interlaced' (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values
  (git-fixes).
- commit c820733
- Fix build warning
  Refreshed:
  patches.suse/mm-hugetlb-fix-races-when-looking-up-a-CONT-PTE-PMD-.patch
- commit ca5cb24
- Add CVE reference to
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 94992c9
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone
  (bsc#1204328).
- commit b9f2ea4
- thermal: intel_powerclamp: Use first online CPU as control_cpu
  (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report
  (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
  (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset
  keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
  (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in
  rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: host: xhci: Fix potential memory leak in
  xhci_alloc_stream_info() (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in
  adp5061_get_chg_type() (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
  (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number
  (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600
  (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer
  (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field()
  (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in
  nouveau_bo_alloc() (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to
  fix module autoloading (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670
  (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
  times (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at
  l2cap_chan_create() (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620
  (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620
  (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
  (git-fixes).
- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
  (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in
  brcmf_netdev_start_xmit() (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx()
  (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
  (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN
  log level (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch
  (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch
  (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of
  smp_processor_id() to avoid crash (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
  (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- commit 89baab9
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- commit 0463863
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size
  hugetlb page (bsc#1204575).
- commit 06c4f04
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- commit fb82e46
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
  (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
  (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- commit 0ca6891
- mm: memcontrol: fix occasional OOMs due to proportional
  memory.low reclaim (bsc#1204754).
- mm, memcg: avoid stale protection values when cgroup is above
  protection (bsc#1204754).
- commit 0e7d107
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
  (bsc#1204753).
- commit b8640ed
- blacklist.conf: Add cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- commit d9d65d4
- powerpc/fadump: align destination address to pagesize
  (bsc#1204728 ltc#200074).
- commit 618ab17
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
  CVE-2021-4037).
- commit 2f39bf9
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
  CVE-2021-4037).
- commit ab394e7
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 536e02f
- usb: mon: make mmapped memory read only (bsc#1204653
  CVE-2022-43750).
- commit 1f646df
- blacklist.conf: add commit from git-fixes
- commit c46aa6a
- devlink: Fix use-after-free after a failed reload (bsc#1204637
  CVE-2022-3625).
- commit 3567978
- nvmem: core: Check input parameter for NULL in
  nvmem_unregister() (bsc#1204241).
- commit 1b1642f
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- commit 9ea634f
- arm64: assembler: add cond_yield macro (git-fixes)
- commit f628c0a
- net: mvpp2: fix mvpp2 debugfs leak (bsc#1204417 CVE-2022-3535).
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
  (bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
  CVE-2022-3545).
- commit 9a28d9e
- nilfs2: fix leak of nilfs_root in case of writer thread creation
  failure (CVE-2022-3646 bsc#1204646).
- nilfs2: fix use-after-free bug of struct nilfs_root
  (CVE-2022-3649 bsc#1204647).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
  bsc#1204635).
- commit 772e9a5
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
  (CVE-2022-3640 bsc#1204619).
- commit b1ed4c2
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- commit d60e491
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- commit 477d56a
- KVM: s390: pv: don't present the ecall interrupt twice
  (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
  (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO
  (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- commit 1c45296
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- commit ec837bd
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- commit bf7093a
- crypto: arm64/sha - fix function types (git-fixes)
- commit 887f265
- Update metadata references
- commit 980fadf
- blacklist.conf: (&quot;arm64: Introduce a way to disable the 32bit vdso&quot;)
- commit 0591754
- KVM: x86: do not report a vCPU as preempted outside instruction
  boundaries (bsc#1203066 CVE-2022-39189).
- commit 89982eb
- nilfs2: fix NULL pointer dereference at
  nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit df5c951
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit 488dede
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
  (CVE-2022-3577 bsc#1204470).
- commit e57339b
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
  CVE-2022-3521).
- commit d2eeccc
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
  CVE-2022-3524).
- commit ec8a71d
- Update metadata references
- commit 6d888aa
- sch_sfb: Also store skb len before calling child enqueue
  (CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
  to child (CVE-2022-3586 bsc#1204439).
- commit bbd433f
- mISDN: fix use-after-free bugs in l1oip timer handlers
  (CVE-2022-3565 bsc#1204431).
- commit 1917bcf
- net: ieee802154: return -EINVAL for unknown addr type
  (git-fixes).
- commit 2d80805
- ACPI: HMAT: Release platform device in case of
  platform_device_add_data() fails (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register()
  (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
  (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
  (git-fixes).
- Input: xpad - add supported devices as contributed on github
  (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
  (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
  (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine
  (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg
  (git-fixes).
- dmaengine: xilinx_dma: Report error in case of
  dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores
  property (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
  (git-fixes).
- mmc: core: Replace with already defined values for readability
  (git-fixes).
- commit ba86540
- struct pci_config_window kABI workaround (bsc#1204382).
- commit b2287af
- PCI: Dynamically map ECAM regions (bsc#1204382).
- commit dc89dd6
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
  (bsc#1065729).
- Refresh patches.suse/powerpc-mm-radix-Create-separate-mappings-for-hot-pl.patch
- Refresh patches.suse/powerpc-mm-radix-Remove-split_kernel_mapping.patch
- commit 852bb71
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
  This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- Revert &quot;usb: storage: Add quirk for Samsung Fit flash&quot;
  (git-fixes).
- commit c4ea05c
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
  (git-fixes).
- commit 72baa22
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
  opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 11a4b1b
- powerpc/kprobes: Fix null pointer reference in
  arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246
  git-fixes).
- commit 98b4617
- xfs: remove obsolete AGF counter debugging (git-fixes).
- commit 6b3cbd8
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- commit c80d128
- xfs: rename `new' to `delta' in xfs_growfs_data_private()
  (git-fixes).
- commit 7994309
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- commit d0ec732
- xfs: fix memory corruption during remote attr value buffer
  invalidation (git-fixes).
- commit 63ac0a8
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- commit cdcab38
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- commit 260cd8e
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- commit f916b39
- xfs: add missing assert in xfs_fsmap_owner_from_rmap
  (git-fixes).
- commit 7d88bfe
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- commit dc70b98
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
  iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP
  header on fast-rx (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart
  (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion
  (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq
  (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback
  (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure
  (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types
  (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to
  use regmap (git-fixes).
- commit 90b2426
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
  (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
  (git-fixes).
- commit d78eec4
- Move upstreamed WiFi fixes into sorted section
- commit 2dec8da
- Move upstreamed WiFi fixes into sorted section
- commit 05342a3
- kABI: fix kABI after &quot;KVM: Add infrastructure and macro to mark
  VM as bugged&quot; (bsc#1200788 CVE-2022-2153).
- commit 1ddb693
- KVM: Add infrastructure and macro to mark VM as bugged
  (bsc#1200788 CVE-2022-2153).
- commit 07862de
- locking/csd_lock: Change csdlock_debug from early_param to
  __setup (git-fixes).
- Refresh
  patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 4abed38
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit 2cf708c
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
  activated (bsc#1200788 CVE-2022-2153).
- commit 8712ddf
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
  SynIC (bsc#1200788 CVE-2022-2153).
- commit 75749d4
- KVM: nVMX: Unconditionally purge queued/injected events on
  nested &quot;exit&quot; (git-fixes).
- commit 04b8316
- KVM: x86: Avoid theoretical NULL pointer dereference in
  kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit f23b172
- KVM: x86/emulator: Fix handing of POP SS to correctly set
  interruptibility (git-fixes).
- commit 3671e7c
- KVM: x86: Check lapic_in_kernel() before attempting to set a
  SynIC irq (bsc#1200788 CVE-2022-2153).
- commit e02caef
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176
  bsc#1203391).
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978
  bsc#1202700).
- commit 8c7541d
- sbitmap: Avoid leaving waitqueue in invalid state in
  __sbq_wake_up() (git-fixes).
- commit 89e6f60
- staging: vt6655: fix some erroneous memory clean-up loops
  (git-fixes).
- Revert &quot;usb: storage: Add quirk for Samsung Fit flash&quot;
  (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c
  (git-fixes).
- xhci: Don't show warning for reinit on known broken suspend
  (git-fixes).
- USB: serial: console: move mutex_unlock() before
  usb_serial_put() (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
  (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in
  gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
  (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection
  (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
  (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in
  ath10k_sta_state() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
  (git-fixes).
- commit d4e6eb9
- soc: sunxi_sram: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- Refresh
  patches.suse/soc-sunxi-sram-Prevent-the-driver-from-being-unbound.patch.
- commit 1478c4f
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
  (git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
  (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
  (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable
  callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22
  (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
  lpuart_dma_shutdown (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling
  (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state-&gt;of_node'
  (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
  (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight
  registering (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in
  omap1_spi100k_probe (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
  spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
  spi_qup_resume() (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe()
  (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression
  (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
  (git-fixes).
- commit d4e37ac
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend
  (git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall
  (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
  (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants
  (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements
  (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel
  ABI (git-fixes).
- iio: inkern: only release the device node when done with it
  (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample
  freq (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure
  and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
  (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl()
  (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
  (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap()
  in the probe (git-fixes).
- mfd: sm501: Add check for platform_driver_register()
  (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init()
  and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe()
  (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in
  mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in
  intel_soc_pmic_i2c_probe() (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
  (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings()
  (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
  (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
  (git-fixes).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
  (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers
  (git-fixes).
- commit ea51746
- gpio: rockchip: request GPIO mux to pinctrl when setting
  direction (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware
  (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister
  (git-fixes).
- crypto: akcipher - default implementation for setting a private
  key (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
  (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
  (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups
  (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
  (git-fixes).
- dyndbg: let query-modname override actual module name
  (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted
  timer in __cleanup() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in
  hidpp_connect_event (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms-&gt;hw_vbif using vbif_idx (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug
  (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent
  (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of
  for_each_available_child_of_node() (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order
  (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/nouveau: fix a use-after-free in
  nouveau_gem_prime_import_sg_table() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset
  (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- commit 6db482b
- ACPI: APEI: do not add task_work to kernel thread to avoid
  memory leak (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying
  num_parents (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
  (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
  (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init
  (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init
  (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init
  (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent()
  (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent()
  (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and
  ata_id_has_sense_reporting() (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
  (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
  (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
  (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
  (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx
  API (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ALSA: hda/hdmi: Don't skip notification handling during PM
  operation (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically
  (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak()
  (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable
  (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable
  (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
  (git-fixes).
- commit 058f8fc
- Update
  patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
  (CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 15fe693
- misc: sgi-gru: fix use-after-free error in
  gru_set_context_option, gru_fault and gru_handle_user_call_os
  (CVE-2022-3424 bsc#1204166).
- commit 721c580
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc-&gt;state outside of KMS'
- commit 39988a9
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit c6967e3
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 7d9f3f3
- exfat: Return ENAMETOOLONG consistently for oversized paths
  (bsc#1204053 bsc#1201725).
- commit 955135a
- selftests/powerpc: Skip energy_scale_info test on older firmware
  (git-fixes).
- commit 2a9f2c0
- blacklist.conf: prerequisite too risky
- commit 67fdf07
- Rename colliding patches before the next cve/linux-5.3 -&gt; SLE15-SP3 merge
- commit 3394628
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
  (git-fixes).
- commit 71e1adc
- blacklist.conf: ignore unwanted nfs patches
- commit 5bb5269
- blacklist.conf: ignore unwanted md patches
- commit ff9f04a
- xfs: enable big timestamps (bsc#1203387).
- commit e8c654f
- xfs: widen ondisk quota expiration timestamps to handle y2038+
  (bsc#1203387).
- commit f11211b
- quota: widen timestamps for the fs_disk_quota structure
  (bsc#1203387).
- commit 1a9210f
- xfs: widen ondisk inode timestamps to deal with y2038+
  (bsc#1203387).
- commit ef6704e
- ACPI: processor idle: Practically limit &quot;Dummy wait&quot; workaround
  to old Intel systems (bnc#1203802).
- commit 5c74e0f
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
  Refresh
  patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit 79f8f1e
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit f6d0842
- xfs: use a struct timespec64 for the in-core crtime
  (bsc#1203387).
- commit d683559
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit e4afdb9
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit d8ae99a
- media: aspeed-video: ignore interrupts that aren't enabled
  (git-fixes).
- commit 36a70fa
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- commit 6094fd3
- media: coda: Fix reported H264 profile (git-fixes).
- commit af3ba3e
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit 06361ad
- xfs: use the finobt block counts to speed up mount times
  (bsc#1203387).
- commit debb8f9
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- commit f9fb0f8
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit 49f0f34
- Revert &quot;constraints: increase disk space for all architectures&quot;
  (bsc#1203693).
  This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- drm/amdgpu: don't register a dirty callback for non-atomic
  (git-fixes).
- commit 0b4b37a
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- commit 0b58855
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition
  (git-fixes).
- Revert &quot;usb: add quirks for Lenovo OneLink+ Dock&quot; (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in
  pxa3xx_gcu_write (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
  (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access
  (git-fixes).
- commit 2e55e74
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound
  (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info
  (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
  (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- tty/serial: atmel: RS485 &amp; ISO7816: wait for TXRDY before
  sending data (git-fixes).
- commit e040102
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit 51fbc8c
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup
  (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI
  clocks (git-fixes).
- Revert &quot;drm: bridge: analogix/dp: add panel prepare/unprepare
  in suspend/resume time&quot; (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
  (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
  (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx
  accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx
  accounting (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev-&gt;can.state condition
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
  (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530
  laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
  (git-fixes).
- drm/amd/display: Limit user regamma to a valid value
  (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths
  (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power
  change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled
  (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
  pfuze100_regulator_probe() (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit e7744dc
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit 24c89c9
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e500762
- USB: serial: option: add Quectel BG95 0x0203 composition
  (git-fixes).
- commit 75be355
- Revert &quot;drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- commit b42e64a
- parisc/sticon: fix reverse colors (bsc#1152489)
  Backporting notes:
  * context changes
- commit 206cd49
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- commit f67e434
- kabi/severities: add mlx5 internal symbols
- commit 4fb94df
- net/mlx5: Dynamically resize flow counters query buffer
  (bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs
  (bsc#119175).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be
  per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- commit cb2b71a
- constraints: increase disk space for all architectures
  References: bsc#1203693
  aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
  very close to the limit.
- commit 43a9011
- padata: make padata_free_shell() to respect pd's -&gt;refcnt
  (bsc#1202638).
- commit 2827da5
- padata: introduce internal padata_get/put_pd() helpers
  (bsc#1202638).
- commit 8fd1f6c
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- commit 72392d0
- selftest/powerpc: Add PAPR sysfs attributes sniff test
  (bsc#1200465 ltc#197256 jsc#PED-1931).
- powerpc/pseries: Interface to represent PAPR firmware attributes
  (bsc#1200465 ltc#197256 jsc#PED-1931).
- commit 9795281
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- commit 84d7ba8
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857)
  For smooth migration with the former kernel-preempt user, kernel-default
  provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- commit d292a81
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- commit 8592674

Package krb5 was updated:

- Fix integer overflows in PAC parsing; (CVE-2022-42898);
  (bso#15203), (bsc#1205126).
- Added patches:
  * 0010-Fix-integer-overflows-in-PAC-parsing.patch

Package libcap was updated:

- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()  (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch

Package libksba was updated:

- Security fix: [bsc#1206579, CVE-2022-47629]
  * Integer overflow in the CRL signature parser.
  * Add libksba-CVE-2022-47629.patch

Package libsodium was updated:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
-  Revert previous change about cpuid as previous change rejected
  in https://build.opensuse.org/request/show/724809
-  Disable LTO as bypass boo#1148184
-  Add libsodium_configure_cpuid_chg.patch and call autoconf
  to regenerate configure script with proper CPUID checking.
  Required at least for PowerPC and ARM now that LTO enabled.
- Update to 1.0.18
  - Enterprise versions of Visual Studio are now supported.
  - Visual Studio 2019 is now supported.
  - 32-bit binaries for Visual Studio 2010 are now provided.
  - A test designed to trigger an OOM condition didn't work on
    Linux systems with memory overcommit turned on. It has been
    removed in order to fix Ansible builds.
  - Emscripten: print and printErr functions are overridden to send
    errors to the console, if there is one.
  - Emscripten: UTF8ToString() is now exported since
    Pointer_stringify() has been deprecated.
  - Libsodium version detection has been fixed in the CMake recipe.
  - Generic hashing got a 10% speedup on AVX2.
  - New target: WebAssembly/WASI
    (compile with dist-builds/wasm32-wasi.sh).
  - New functions to map a hash to an edwards25519 point
    or get a random point:
    core_ed25519_from_hash() and core_ed25519_random().
  - crypto_core_ed25519_scalar_mul() has been implemented for
    scalar*scalar (mod L) multiplication.
  - Support for the Ristretto group has been implemented for
    interoperability with wasm-crypto.
  - Improvements have been made to the test suite.
  - Portability improvements have been made.
  - getentropy() is now used on systems providing this system call.
  - randombytes_salsa20 has been renamed to randombytes_internal.
  - Support for NativeClient has been removed.
  - Most ((nonnull)) attributes have been relaxed to allow 0-length
    inputs to be NULL.
  - The -ftree-vectorize and -ftree-slp-vectorize compiler switches
    are now used, if available, for optimized builds.
- Update to 1.0.17
  - Bug fix: sodium_pad() didn't properly support block sizes
    &gt;= 256 bytes.
  - JS/WebAssembly: some old iOS versions can't instantiate the
    WebAssembly module; fall back to Javascript on these.
  - JS/WebAssembly: compatibility with newer Emscripten versions.
  - Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
    crypto_pwhash_scryptsalsa208sha256_str_needs_rehash() didn't
    return EINVAL on input strings with a short length, unlike
    their high-level counterpart.
  - Added a workaround for Visual Studio 2010 bug causing CPU
    features not to be detected.
  - Portability improvements.
  - Test vectors from Project Wycheproof have been added.
  - New low-level APIs for arithmetic mod the order of the prime
    order group:
  - crypto_core_ed25519_scalar_random(),
    crypto_core_ed25519_scalar_reduce(),
  - crypto_core_ed25519_scalar_invert(),
    crypto_core_ed25519_scalar_negate(),
  - crypto_core_ed25519_scalar_complement(),
    crypto_core_ed25519_scalar_add() and
    crypto_core_ed25519_scalar_sub().
  - New low-level APIs for scalar multiplication without clamping:
    crypto_scalarmult_ed25519_base_noclamp() and
    crypto_scalarmult_ed25519_noclamp().
    These new APIs are especially useful for blinding.
  - sodium_sub() has been implemented.
  - Support for WatchOS has been added.
  - getrandom(2) is now used on FreeBSD 12+.
  - The nonnull attribute has been added to all relevant
    prototypes.
  - More reliable AVX512 detection.
  - Javascript/Webassembly builds now use dynamic memory growth.

Package libsolv was updated:

- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools package
  [bsc#1195633]
- bump version to 0.7.24
- fix &quot;keep installed&quot; jobs not disabling &quot;best update&quot; rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decisions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23

Package libtirpc was updated:

- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
  to a random port (bsc#1199467)
  - add binddynport-honor-ip_local_reserved_ports.patch

Package libxml2 was updated:

- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn't deterministic
  - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-2023-28484, bsc#1210411] NULL dereference in
    xmlSchemaFixupComplexType
  - Added patch libxml2-CVE-2023-28484-1.patch
  - Added patch libxml2-CVE-2023-28484-2.patch
- Fix changelog entries in both .changes files.
- Apply all patches correctly for libxml2 and python-libxml2.
- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz
- Security fixes:
  * [CVE-2022-40303, bsc#1204366] Fix integer overflows with
    XML_PARSE_HUGE
    + Added patch libxml2-CVE-2022-40303.patch
  * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
    entity reference cycles
    + Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
  * Cross-site scripting vulnerability after commit 960f0e2
  * Add libxml2-CVE-2016-3709.patch
- Add libxml2-python3-string-null-check.patch: fix NULL pointer
    dereference when parsing invalid data (bsc#1065270
    glgo#libxml2!15).
- clean with spec-cleaner
- libxml2-python3-unicode-errors.patch: work around an issue with
  libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270)
- convert to singlespec, build a python 3 version
- change build instructions to use setup.py (and %python_build macros)
  instead of makefile-based approach
- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6
- rename to python-libxml2-python to conform to package naming policy
  (PyPI name is &quot;libxml2-python&quot;)

Package libzypp was updated:

- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- version 17.31.14 (22)
- curl: Trim user agent string (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. Violation
  results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)
- Do not unconditionally release a medium if provideFile failed
  (bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
- MediaCurl: Fix endless loop if wrong credentials are stored in
  credentials.cat (bsc#1210870)
  Since libzypp-17.31.7 wrong credentials stored in credentials.cat
  may lead to an endless loop. Rather than asking for the right
  credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
  (bsc#1208329)
  Maximum time in seconds that you allow the connection phase to
  the server to take. This only limits the connection phase, it has
  no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)
- fix build with boost 1.82
- BuildRequires: libsolv-devel &gt;= 0.7.24 for x86_64_v[234]
  support.
- version 17.31.10 (22)
- Workaround bsc#1195633 while libsolv &lt;= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
  parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
  (boo#1127591)
  Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
  NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
  [#439])
  Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
  CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
- ProgressData: enforce reporting the INIT||END state
  (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
  (bsc#1205636)
- version 17.31.8 (22)
- Hint to &quot;zypper removeptf&quot; to remove PTFs.
- Removing a PTF without enabled repos should always fail
  (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be
  removed (not replaced!) as well. To remove a PTF &quot;zypper install
  -- -PTF&quot; or a dedicated &quot;zypper removeptf PTF&quot; should be used.
  This will update the installed PTF packages to their latest
  version.
- version 17.31.7 (22)
- Avoid calling getsockopt when we know the info already.
  This patch hopefully fixes logging on WSL, getsockopt seems to
  not be fully supported but the code required it when accepting
  new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
  falling back.
- version 17.31.6 (22)
- Create '.no_auto_prune' in the package cache dir to prevent auto
  cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
- Do not clean up MediaSetAccess before using the geoip file
  (fixes #424)
- version 17.31.4 (22)
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
  settings.
- Implement geoIP feature for zypp.
  This patch adds a feature to rewrite request URLs to the repo
  servers by querying a geoIP file from download.opensuse.org. This
  file can return a redirection target depending on the clients IP
  adress, this way we can directly contact a local mirror of d.o.o
  instead. The redir target stays valid for 24hrs.
  This feature can be disabled in zypp.conf by setting
  'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server
  MediaMultiCurl used to fallback to a fixed, relatively small
  BLKSIZE. This patch changes the fallback into a dynamic value
  based on the filesize using a similar metric as the MirrorCache
  implementation on the server side.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to
  calculate if a repository needs to be refreshed. This
  optimisation only takes place if the repo does specify only
  downloading base urls.
- version 17.31.3 (22)

Package lvm2 was updated:

- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
  - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
  - change %post behaviour, only do deleting job for non-link folder

Package microos-tools was updated:

- Update to version 2.18:
  - Add TMPDIR to tukit binddirs for Salt
    [bsc#1211356] [bsc#1205011]
  - 98selinux-microos: Add chroot as dependency
  - Fix spelling error in warning
- Update to version 2.17:
  - selinux-autorelabel-generator: Don't cross partition boundaries
  for /.snapshots when relabeling [issue#11]
- Update to version 2.16:
  - 98selinux-microos: Make the btrfs subvolume writable temporarily [boo#1202395]
- Update to version 2.15
  - 98selinux-microos: Add grep as dependency
- Update to version 2.14
  - Fix Makefile to install sysext-add-debug
- Update to version 2.13
  - 98selinux-microos: Don't rely on selinux=1 [bsc#1202449]
  - Add sysext-add-debug
  - Make sure /var/lib/overlay exists before relabeling
- Update to version 2.12
  - Remove special MicroOS firstboot script
  - Remove locale-check, replaced by another aaa_base implementation
- Add new subpackage microos-devel-tools
- Add rpm as build dependency for that subpackage

Package ncurses was updated:

- Modify patch ncurses-6.1.dif
  * Secure writing terminfo entries by setfs[gu]id in s[gu]id
    (boo#1210434, CVE-2023-29491)
  * Reading is done since 2000/01/17

Package openldap2 was updated:

- bsc#1212260 - crash in libldap when non-ldap data responds
  * 0245-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
  * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch

Package openssh was updated:

- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
  requested to load a PKCS#11 provider that isn't a PKCS#11
  provider (bsc#1213504,CVE-2023-38408)
- openssh-7.7p1-fips_checks.patch: close the right filedescriptor
  to avoid fd leaks, and also close fdh in read_hmac (bsc#1209536)
- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
  This caused invalid and irrelevant environment assignments (bsc#1207014).
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
- Add openssh-do-not-send-empty-message.patch: Prevent empty
  messages from being sent. This avoids a superfluous new line
  (bsc#1192439).
- Add openssh-mitigate-lingering-secrets.patch (bsc#1186673), which
  attempts to mitigate instances of secrets lingering in memory
  after a session exits. (bsc#1213004 bsc#1213008)

Package openssl-1_1 was updated:

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus (&quot;p&quot; parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Add openssl-CVE-2022-4304.patch
  * Removed patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
  * Refreshed openssl-CVE-2023-0286.patch
- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
  * Possible DoS translating ASN.1 object identifiers
  * Add openssl-CVE-2023-2650.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
- FIPS: list only FIPS approved public key algorithms
  [bsc#1121365, bsc#1198472]
  * Add openssl-1_1-fips-list-only-approved-pubkey-algorithms.patch
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
  * bsc#1180995
  * Default to RFC7919 groups when generating ECDH parameters
    using 'genpkey' or 'dhparam' in FIPS mode.
- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046]
  * Add patch openssl-1.1.1-fips-fix-memory-leaks.patch

Package pam was updated:

- Update pam_motd to the most current version. This fixes various issues
  and adds support for motd.d directories [jsc#PED-1712].
  * Added: pam-ped1712-pam_motd-directory-feature.patch

Package perl was updated:

- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
  new patch: perl-cpan_verify_cert.diff

Package perl-Bootloader was updated:

- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
  location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944
- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
  (bsc#1210799, bsc#1201399)
- 0.943
- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
  UEFI platforms (bsc#1208003)
- 0.942
- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941
- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940

Package permissions was updated:

  * Backport postfix to SLE-15-SP2 (bsc#1206738)
- Update to version 20181225:

Package procps was updated:

- Add patch bsc1209122-a6c0795d.patch
  * Fix for bsc#1209122 to allow `-´ as leading character to ignore
    possible errors on sysctl entries
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

Package protobuf was updated:

- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
  CVE-2022-1941, bsc#1203681
  * Add protobuf-CVE-2022-1941.patch
- Fix a potential DoS issue when parsing with binary data in
  protobuf-java, CVE-2022-3171, bsc#1204256
  * Add protobuf-CVE-2022-3171.patch
- Refresh protobuf-CVE-2021-22570.patch
- Backport changes from 3.16.x tree for apply recent CVE patches
  * Add protobuf-51026d922970e06475f005b39287963594134b96.patch
  * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
  * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
  * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
  * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
  * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
  * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
  * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
  * Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
- Reorganize patch set ordering
- Fix potential Denial of Service in protobuf-java in the parsing procedure
  for binary data, CVE-2021-22569, bsc#1194530
  * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch

Package python-certifi was updated:

- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch

Package python-cryptography was updated:

- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
  + 5507-mitigate-Bleichenbacher-attacks.patch
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (&gt;2GB) could
    result in an integer overflow, leading to buffer overflows.
    CVE-2020-36242
  - drops CVE-2020-36242-buffer-overflow.patch on older dists
- update to 3.3.1:
  * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 3.3.0
  - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
    due to low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
    to 1024-bit (8 byte to 128 byte) initialization vectors. This
    change is to conform with an upcoming OpenSSL release that will
    no longer support sizes outside this window.
  - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
    now raise ValueError rather than UnsupportedAlgorithm when an
    unsupported cipher is used. This change is to conform with an
    upcoming OpenSSL release that will no longer distinguish
    between error types.
  - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
    field Diffie-Hellman parameters of less than 512 bits in
    length. This change is to conform with an upcoming OpenSSL
    release that no longer supports smaller sizes. These keys were
    already wildly insecure and should not have been used in any
    application outside of testing.
  - Updated Windows, macOS, and manylinux wheels to be compiled
    with OpenSSL 1.1.1i.
  - Python 2 support is deprecated in cryptography. This is the
    last release that will support Python 2.
  - Added the recover_data_from_signature() function to
    RSAPublicKey for recovering the signed data from an RSA
    signature.
- Remove unnecessary dependency virtualenv.
- update to 3.2.1:
  Disable blinding on RSA public keys to address an error with
  some versions of OpenSSL.
- update to 3.2 (bsc#1178168, CVE-2020-25659):
  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
    to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
    by our API, we cannot completely mitigate this vulnerability.
  * Support for OpenSSL 1.0.2 has been removed.
  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- drops 5507-mitigate-Bleichenbacher-attacks.patch on older dists
- update to 3.1.1:
  * wheels compiled with OpenSSL 1.1.1h.
- update to 3.1:
  * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
    :term:`U-label` parsing in various X.509 classes. This support was originally
    deprecated in version 2.1 and moved to an extra in 2.5.
  * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
    the OpenSSL project. The next version of ``cryptography`` will drop support
    for it.
  * Deprecated support for Python 3.5. This version sees very little use and will
    be removed in the next release.
  * ``backend`` arguments to functions are no longer required and the
    default backend will automatically be selected if no ``backend`` is provided.
  * Added initial support for parsing certificates from PKCS7 files with
    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
    and
    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
    .
  * Calling ``update`` or ``update_into`` on
    :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
    longer than 2 :sup:`31` bytes no longer raises an ``OverflowError``. This
    also resolves the same issue in :doc:`/fernet`.
- update to 3.0
- refreshed disable-uneven-sizes-tests.patch and skip_openssl_memleak_test.patch
  * Removed support for passing an Extension instance
    to from_issuer_subject_key_identifier(), as per our deprecation policy.
  * Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
  * Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
  * RSA generate_private_key() no longer accepts public_exponent values except
    65537 and 3 (the latter for legacy purposes).
  * X.509 certificate parsing now enforces that the version field contains
    a valid value, rather than deferring this check until version is accessed.
  * Deprecated support for Python 2
  * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
    private keys: load_ssh_private_key() for loading and OpenSSH for writing.
  * Added support for OpenSSH certificates to load_ssh_public_key().
  * Added encrypt_at_time() and decrypt_at_time() to Fernet.
  * Added support for the SubjectInformationAccess X.509 extension.
  * Added support for parsing SignedCertificateTimestamps in OCSP responses.
  * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
  * Added support for encoding attributes in certificate signing requests via add_attribute().
  * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG
    instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
  * Added initial support for creating PKCS12 files with serialize_key_and_certificates().
- update to 2.9.2
  * 2.9.2 - 2020-04-22
  - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
  - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
    low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
    Users on older version of OpenSSL will need to upgrade.
  - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
  - Removed support for calling public_bytes() with no arguments, as per
    our deprecation policy. You must now pass encoding and format.
  - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
    returns the RDNs as required by RFC 4514.
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
  - Added support for parsing single_extensions in an OCSP response.
  - NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
  compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
  finalize_with_tag API
  * add disallow_implicit_tag_truncation.patch from
    https://github.com/pyca/cryptography/commit/688e0f673bfb.patch

Package python-msgpack was updated:

- Loosen the filelist for the package info to avoid FTBFS on SLE-15-SP5 (bsc#1203743).

Package python-packaging was updated:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
  + fix-big-endian-build.patch
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
  * Add a pp3-none-any tag (gh#pypa/packaging#311)
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
    (gh#pypa/packaging#481), (gh#pypa/packaging#486)
  * Fix a spelling mistake (gh#pypa/packaging#479)
- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5.
  * Replace distutils usage with sysconfig
  * Add support for zip files in ``parse_sdist_filename``
  * Use cached ``_hash`` attribute to short-circuit tag equality comparisons
  * Specify the default value for the ``specifier`` argument to ``SpecifierSet``
  * Proper keyword-only &quot;warn&quot; argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for ``Version.post`` and ``Version.dev``
  * Use typing alias ``UnparsedVersion``
  * Improve type inference for ``packaging.specifiers.filter()``
  * Tighten the return type of ``canonicalize_version()``
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
  * Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
  * Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
  * Do not insert an underscore in wheel tags when the interpreter version number
    is more than 2 digits (:issue:`372`)
  * Fix flit configuration, to include LICENSE files (:issue:`357`)
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
  * Add some missing type hints to `packaging.requirements` (:issue:`350`)
  * Officially support Python 3.9 (:issue:`343`)
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve
    the glibc version string.
- update to 20.4:
  * Canonicalize version before comparing specifiers. (:issue:`282`)
  * Change type hint for ``canonicalize_name`` to return
    ``packaging.utils.NormalizedName``.
    This enables the use of static typing tools (like mypy) to detect mixing of
    normalized and un-normalized names.

Package python-py was updated:

- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.

Package python-requests was updated:

- Add CVE-2023-32681.patch to fix unintended leak of Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
  Upstream commit: gh#psf/requests@74ea7cf7a6a2

Package python-setuptools was updated:

- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service (ReDoS) in package_index.py.
  bsc#1206667

Package python3 was updated:

- Add 99366-patch.dict-can-decorate-async.patch fixing gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) to fix a blocklist bypass via the urllib.parse
  component when supplying a URL that starts with blank characters.
- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice versa (potential for DoS).
  Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
  CRLF_injection_via_host_part.patch, and
  CVE-2019-18348-CRLF_injection_via_host_part.patch.

Package rsyslog was updated:

- fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch

Package runc was updated:

- Update to runc v1.1.7. Upstream changelog is available from
  &lt;https://github.com/opencontainers/runc/releases/tag/v1.1.7&gt;.
- Update runc.keyring to upstream version.
- Update to runc v1.1.6. Upstream changelog is available from
  &lt;https://github.com/opencontainers/runc/releases/tag/v1.1.6&gt;.
- Update to runc v1.1.5. Upstream changelog is available from
  &lt;https://github.com/opencontainers/runc/releases/tag/v1.1.5&gt;.
  Includes fixes for the following CVEs:
  - CVE-2023-25809 bsc#1209884
  - CVE-2023-27561 bsc#1208962
  - CVE-2023-28642 bsc#1209888
  * Fix the inability to use `/dev/null` when inside a container. bsc#1168481
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
    (a regression in 1.1.1). bsc#1207004
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
  bsc#1202021

Package salt was updated:

- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Added:
  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
  * fix-some-issues-detected-in-salt-support-cli-module-.patch
  * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Added:
  * make-master_tops-compatible-with-salt-3000-and-older.patch
- Avoid failures due to transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Added:
  * define-__virtualname__-for-transactional_update-modu.patch
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Added:
  * avoid-conflicts-with-dependencies-versions-bsc-12116.patch
- Update to Salt release version 3006.0 (jsc#PED-4360)
  * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for &quot;importlib-metadata&gt;=5.0.0&quot; (bsc#1207071)
- Create new salt-tests subpackage containing Salt tests
- Drop conflicting patch discarded from upstream
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Added:
  * 3005.1-implement-zypper-removeptf-573.patch
  * control-the-collection-of-lvm-grains-via-config.patch
  * fix-version-detection-and-avoid-building-and-testing.patch
  * make-sure-the-file-client-is-destroyed-upon-used.patch
  * skip-package-names-without-colon-bsc-1208691-578.patch
  * use-rlock-to-avoid-deadlocks-in-salt-ssh.patch
- Modified:
  * activate-all-beacons-sources-config-pillar-grains.patch
  * add-custom-suse-capabilities-as-grains.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * add-publish_batch-to-clearfuncs-exposed-methods.patch
  * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
  * add-sleep-on-exception-handling-on-minion-connection.patch
  * add-standalone-configuration-file-for-enabling-packa.patch
  * add-support-for-gpgautoimport-539.patch
  * allow-vendor-change-option-with-zypper.patch
  * async-batch-implementation.patch
  * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
  * bsc-1176024-fix-file-directory-user-and-group-owners.patch
  * change-the-delimeters-to-prevent-possible-tracebacks.patch
  * debian-info_installed-compatibility-50453.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * don-t-use-shell-sbin-nologin-in-requisites.patch
  * drop-serial-from-event.unpack-in-cli.batch_async.patch
  * early-feature-support-config.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * fix-bsc-1065792.patch
  * fix-for-suse-expanded-support-detection.patch
  * fix-issue-2068-test.patch
  * fix-missing-minion-returns-in-batch-mode-360.patch
  * fix-ownership-of-salt-thin-directory-when-using-the-.patch
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
  * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * fixes-for-python-3.10-502.patch
  * include-aliases-in-the-fqdns-grains.patch
  * info_installed-works-without-status-attr-now.patch
  * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
  * make-aptpkg.list_repos-compatible-on-enabled-disable.patch
  * make-setup.py-script-to-not-require-setuptools-9.1.patch
  * pass-the-context-to-pillar-ext-modules.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
  * prevent-shell-injection-via-pre_flight_script_args-4.patch
  * read-repo-info-without-using-interpolation-bsc-11356.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * return-the-expected-powerpc-os-arch-bsc-1117995.patch
  * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
  * run-salt-api-as-user-salt-bsc-1064520.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * save-log-to-logfile-with-docker.build.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * use-salt-bundle-in-dockermod.patch
  * x509-fixes-111.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
  * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
  * 3003.3-postgresql-json-support-in-pillar-423.patch
  * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
  * add-missing-ansible-module-functions-to-whitelist-in.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
  * adds-explicit-type-cast-for-port.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * backport-syndic-auth-fixes.patch
  * batch.py-avoid-exception-when-minion-does-not-respon.patch
  * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * detect-module.run-syntax.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * enhance-logging-when-inotify-beacon-is-missing-pyino.patch
  * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
  * fix-crash-when-calling-manage.not_alive-runners.patch
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * fix-for-cve-2022-22967-bsc-1200566.patch
  * fix-inspector-module-export-function-bsc-1097531-481.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch
  * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-salt-call-event.send-call-with-grains-and-pillar.patch
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * fix-state.apply-in-test-mode-with-file-state-module-.patch
  * fix-test_ipc-unit-tests.patch
  * fix-the-regression-in-schedule-module-releasded-in-3.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * force-zyppnotify-to-prefer-packages.db-than-packages.patch
  * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * ignore-non-utf8-characters-while-reading-files-with-.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
  * improvements-on-ansiblegate-module-354.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * make-sure-saltcacheloader-use-correct-fileclient-519.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
  * normalize-package-names-once-with-pkg.installed-remo.patch
  * notify-beacon-for-debian-ubuntu-systems-347.patch
  * refactor-and-improvements-for-transactional-updates-.patch
  * retry-if-rpm-lock-is-temporarily-unavailable-547.patch
  * set-default-target-for-pip-from-venv_pip_target-envi.patch
  * state.apply-don-t-check-for-cached-pillar-errors.patch
  * state.orchestrate_single-does-not-pass-pillar-none-4.patch
  * support-transactional-systems-microos.patch
  * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
- Fix problem with detecting PTF packages (bsc#1208691)
- Added:
  * skip-package-names-without-colon-bsc-1208691-578.patch
- Fixes pkg.version_cmp on openEuler systems and a few other OS flavors
- Make pkg.remove function from zypperpkg module to handle also PTF packages
- Added:
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
  * 3004-implement-zypper-removeptf-574.patch
- Control the collection of lvm grains via config (bsc#1204939)
- Added:
  * control-the-collection-of-lvm-grains-via-config.patch
- Pass the context to pillar ext modules
- Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
- Detect module run syntax version
- Implement automated patches alignment for the Salt Bundle
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Clarify pkg.installed pkg_verify documentation
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Added:
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * detect-module.run-syntax.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch
  * pass-the-context-to-pillar-ext-modules.patch

Package selinux-policy was updated:

- Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper (bnc#1201015)

Package shadow was updated:

- bsc#1210507 (CVE-2023-29383): Check for control characters
- Add shadow-CVE-2023-29383.patch

Package shim was updated:

- Updated shim.changes to add CVE-2022-28737 number for bsc#1198458.
  The issue is fixed by upgrading to shim 15.7. (bsc#1198458, CVE-2022-28737)
- Sometimes the SLE shim signature is updated by Microsoft before the openSUSE
  shim signature. When a request is submitted on IBS to update the SLE shim, the
  submitreq project is generated, but it is always blocked by the check of the
  signature of the openSUSE shim.
  It doesn't make sense to check the openSUSE shim signature when building
  the SLE shim on the SLE platform, and vice versa. So the following change adds
  logic to compare the suffix (sles, opensuse) with distro_id (sle, opensuse).
  The build stops when, and only when, the hash mismatches and distro_id matches
  the suffix.
    [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
    [#] when hash mismatch and distro_id match with suffix, stop building
- Upgrade shim-install for bsc#1210382
  After closing the Leap-gap project since Leap 15.3, openSUSE Leap directly
  uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
  CA1', not 'openSUSE Secure Boot CA1'. This causes update_boot=no,
  so all files in /boot/efi/EFI/boot are not updated.
  The 86b73d1 patch added logic that uses the ID field in os-release to
  check for the Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
  Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
- https://github.com/SUSE/shim-resources (git log --oneline)
  86b73d1 Fix that bootx64.efi is not updated on Leap
  f2e8143 Use the long name to specify the grub2 key protector
  7283012 cryptodisk: support TPM authorized policies
  49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
  26c6bd5 Have grub take a snapshot of &quot;relevant&quot; TPM PCRs
  5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
  a5c5734 Introduce --no-grub-install option
- Updated shim signature after shim 15.7 was signed back:
  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
  disable the NX compatibility flag when using post-process-pe because
  grub2 is not ready. (bsc#1205588)
  - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
    was merged to v5.19. On the other hand, upstream is working on
    improving the compressed kernel stage for NX:
    [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
    https://www.spinics.net/lists/kernel/msg4599636.html
- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
  enable the NX compatibility flag by default. (jsc#PED-127)
- Drop upstreamed patch:
  - shim-Enable-TDX-measurement-to-RTMR-register.patch
  - Enable TDX measurement to RTMR register (jsc#PED-1273)
  - 4fd484e4c2	15.7
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
  - Patches (git log --oneline --reverse 15.6..15.7)
  0eb07e1 Make SBAT variable payload introspectable
  092c2b2 Reference MokListRT instead of MokList
  8b59b69 Add a link to the test plan in the readme.
  4fd484e Enable TDX measurement to RTMR register
  14d6339 Discard load-options that start with a NUL
  5c537b3 shim: Flush the memory region from i-cache before execution
  2d4ebb5 load_cert_file: Fix stack issue
  ea4911c load_cert_file: Use EFI RT memory function
  0cf43ac Add -malign-double to IA32 compiler flags
  17f0233 pe: Fix image section entry-point validation
  5169769 make-archive: Build reproducible tarball
  aa1b289 mok: remove MokListTrusted from PCR 7
  53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
  616c566 More coverity modeling
  ea0d0a5 Update shim's .sbat to sbat,3
  dd8be98 Bump grub's sbat requirement to grub,3
  1149161 (HEAD -&gt; main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
  - 15.7 release note https://github.com/rhboot/shim/releases
  Make SBAT variable payload introspectable by @chrisccoulson in #483
  Reference MokListRT instead of MokList by @esnowberg in #488
  Add a link to the test plan in the readme. by @vathpela in #494
  [V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
  Discard load-options that start with a NUL by @frozencemetery in #505
  load_cert_file bugs by @esnowberg in #523
  Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
  pe: Fix image section entry-point validation by @iokomin in #518
  make-archive: Build reproducible tarball by @julian-klode in #527
  mok: remove MokListTrusted from PCR 7 by @baloo in #519
  - Drop upstreamed patch:
  - shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in AuthenticodeVerify()
  - 53509eaf22	15.7
  - shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
  - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
  - The following patches are merged to 15.7
  aa1b289a1a mok: remove MokListTrusted from PCR 7
  0cf43ac6d7 Add -malign-double to IA32 compiler flags
  ea4911c2f3 load_cert_file: Use EFI RT memory function
  2d4ebb5a79 load_cert_file: Fix stack issue
  5c537b3d0c shim: Flush the memory region from i-cache before execution
  14d6339829 Discard load-options that start with a NUL
  092c2b2bbe Reference MokListRT instead of MokList
  0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
  the item in Update to 15.6. (bsc#1198458)
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
  patches between 15.6 with aa1b289a1a (jsc#PED-127):
    aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
    0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
    ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
    2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
    5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
    14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
    092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
    0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
  enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
  and shim.changes: (jsc#PED-127)
  - Add some change log from SLE shim.changes to Factory shim.changes
    Those messages are marked with the &quot;(sync shim.changes from SLE)&quot; tag.
  - Add the following changes to shim.spec
  - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
    on openSUSE.
  - Enable the AArch64 signature check for SLE:
  [#] AArch64 signature
  signature=%{SOURCE13}
- shim-install: ensure grub.cfg created is not overwritten after
  installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
  (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before
  using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for &quot;use common SBAT values (boo#1193282)&quot;
  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
    is unstable for building out a stable shim binary for signing. (bsc#1198458)
  - But the rpm-config-suse package in Leap 15.4 is directly copied from SLE 15.4
    because of closing-the-leap-gap. So sbat_distro_* variables are SLE version,
    not for openSUSE. (bsc#1198458)
- Update to 15.6 (bsc#1198458)
  - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
    which is from upstream grub2.cve_2021_3695.ms keybase channel.
  - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
    support efi-app-aarch64 target. So we need the following patches in bintuils:
  - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
  - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
  - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
    d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
  - Patches (git log --oneline --reverse 15.5~..77144e5a4)
    448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
    a2da05f shim: implement SBAT verification for the shim_lock protocol
    bda03b8 post-process-pe: Fix a missing return code check
    af18810 CI: don't cancel testing when one fails
    ba580f9 CI: remove EOL Fedoras from github actions
    bfeb4b3 Remove aarch64 build tests before f35
    38cc646 CI: Add f36 and centos9 CI build tests.
    b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
    31094e5 tests: also look for system headers in multi-arch directories
    4df989a mock-variables.c: fix gcc warning
    6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
    2670c6a Allow MokListTrusted to be enabled by default
    5c44aaf Add code of conduct
    d6eb9c6 Modernize aarch64
    9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
    de87985 make: don't treat cert.S specially
    803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
    6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
    bb4b60e Add verify_image
    acfd48f Abstract out image reading
    35d7378 Load additional certs from a signed binary
    8ce2832 post-process-pe: there is no 's' argument.
    465663e Add some missing PE image flag definitions
    226fee2 PE Loader: support and require NX
    df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
    b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    f81a7cc SBAT revocation management
    abe41ab make: unbreak scan-build again for gnu-efi
    610a1ac sbat.h: minor reformatting for legibility
    f28833f peimage.h: make our signature macros force the type
    5d789ca Always initialize data/datasize before calling read_image()
    a50d364 sbat policy: make our policy change actions symbolic
    5868789 load_certs: trust dir-&gt;Read() slightly less.
    a78673b mok.c: fix a trivial dead assignment
    759f061 Fix preserve_sbat_uefi_variable() logic
    aa61fdf Give the Coverity scanner some more GCC blinders...
    0214cd9 load_cert_file(): don't defererence NULL
    1eca363 mok import: handle OOM case
    75449bc sbat: Make nth_sbat_field() honor the size limit
    c0bcd04 shim-15.6~rc1
    77144e5 SBAT Policy latest should be a one-shot
  - 15.5 release note https://github.com/rhboot/shim/releases
  Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
  mok: allocate MOK config table as BootServicesData by @lcp in #361
  Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
  Relax the check for import_mok_state() by @lcp in #372
  SBAT.md: trivial changes by @hallyn in #389
  shim: another attempt to fix load options handling by @chrisccoulson in #379
  Add tests for our load options parsing. by @vathpela in #390
  arm/aa64: fix the size of .rela* sections by @lcp in #383
  mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
  mok: relax the maximum variable size check by @lcp in #369
  Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
  fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
  httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
  Fallback allocation errors by @vathpela in #402
  shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
  str: remove duplicate parameter check by @xypron in #408
  fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
  Test mok mirror by @vathpela in #394
  Modify sbat.md to help with readability. by @eshiman in #398
  csv: detect end of csv file correctly by @xypron in #404
  Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
  tests: add &quot;include-fixed&quot; GCC directory to include directories by @diabonas in #415
  pe: simplify generate_hash() by @xypron in #411
  Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
  Fallback to default loader if parsed one does not exist by @julian-klode in #393
  fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
  Better console checks by @vathpela in #416
  docs: update SBAT UEFI variable name by @nicholasbishop in #421
  Don't parse load options if invoked from removable media path by @julian-klode in #399
  fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
  shim: Don't stop forever at &quot;Secure Boot not enabled&quot; notification by @rmetrich in #438
  Shim 15.5 coverity by @vathpela in #439
  Allocate mokvar table in runtime memory. by @vathpela in #447
  Remove post-process-pe on 'make clean' by @vathpela in #448
  pe: missing perror argument by @xypron in #443
  - 15.6-rc1 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  - 15.6 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  SBAT Policy latest should be a one-shot by @jsetje in #481
  pe: Fix a buffer overflow when SizeOfRawData &gt; VirtualSize by @chriscoulson
  pe: Perform image verification earlier when loading grub by @chriscoulson
  Update advertised sbat generation number for shim by @jsetje
  Update SBAT generation requirements for 05/24/22 by @jsetje
  Also avoid CVE-2022-28737 in verify_image() by @vathpela
  - Drop upstreamed patch:
  - shim-bsc1184454-allocate-mok-config-table-BS.patch
  - Allocate MOK config table as BootServicesData to avoid the error message
  from linux kernel
  - 4068fd42c8		15.5-rc1~70
  - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  - Handle ignore_db and user_insecure_mode correctly
  - 822d07ad4f07		15.5-rc1~73
  - shim-bsc1185621-relax-max-var-sz-check.patch
  - Relax the maximum variable size check for u-boot
  - 3f327f546c219634b2	15.5-rc1~49
  - shim-bsc1185261-relax-import_mok_state-check.patch
  - Relax the check for import_mok_state() when Secure Boot is off
  - 9f973e4e95b113	15.5-rc1~67
  - shim-bsc1185232-relax-loadoptions-length-check.patch
  - Relax the check for the LoadOptions length
  - ada7ff69bd8a95	15.5-rc1~52
  - shim-fix-aa64-relsz.patch
  - Fix the size of rela* sections for AArch64
  - 34e3ef205c5d65	15.5-rc1~51
  - shim-bsc1187260-fix-efi-1.10-machines.patch
  - Don't call QueryVariableInfo() on EFI 1.10 machines
  - 493bd940e5		15.5-rc1~69
  - shim-bsc1185232-fix-config-table-copying.patch
  - Avoid buffer overflow when copying the MOK config table
  - 7501b6bb44		15.5-rc1~50
  - shim-bsc1187696-avoid-deleting-rt-variables.patch
  - Avoid deleting the mirrored RT variables
  - b1fead0f7c9		15.5-rc1~37
  - Add &quot;rm -f *.o&quot; after building MokManager/fallback in shim.spec
    to make sure all object files get rebuilt
  - reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
  in shim-15.6.tar.bz2
  - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
    pe: Fix a buffer overflow when SizeOfRawData &gt; VirtualSize
  - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
    pe: Perform image verification earlier when loading grub
  - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
    Update advertised sbat generation number for shim
  - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
    Update SBAT generation requirements for 05/24/22
  - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
    Also avoid CVE-2022-28737 in verify_image()
  - 0006-shim-15.6-rc2.patch
  - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
    sbat: add the parsed SBAT variable entries to the debug log
  - 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
  when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
  (bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
  show the prompt to ask whether the user trusts openSUSE certificate or not
  (bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
  - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
    SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
    openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
    and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
  - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
    file which includes all .der for testing environment.
- use common SBAT values (boo#1193282)
- Update the SLE signatures (sync shim.changes from SLE)
(sync shim.changes from SLE)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
  buffer overflow when copying data to the MOK config table
  (bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
  vendor-dbx to MokListXRT since writing a large RT variable
  could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
  potential crash when calling QueryVariableInfo in EFI 1.10
  machines (bsc#1187260)
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
  for AArch64
  Fix: https://github.com/rhboot/shim/issues/371
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
  ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to &quot;shim.efi&quot; if the given
  file doesn't exist
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)
  (sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
  maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  to handle ignore_db and user_insecure_mode correctly
  (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261)
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
- Update the SLE signatures (sync shim.changes from SLE)

Package snapper was updated:

- improved responsiveness of snapperd when a btrfs quota rescan
  is running (see bsc#1211459)
  * added pr821.patch
- avoid stale btrfs qgroups on transactional systems (bsc#1210151)
  * added pr805.patch
- wait for existing btrfs quota rescans to finish (bsc#1210150)
  * added pr790.patch

Package sqlite3 was updated:

- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
  relying on --safe for execution of an untrusted CLI script

Package sudo was updated:

- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.
- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where &quot;sudo -U otheruser -l&quot; would dereference
    a NULL pointer.
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.
- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown &lt;william.brown@suse.com&gt;
  * https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
  * Make sure SIGCHLD is not ignored when sudo is executed; fixes
    race condition.
  * bsc#1203201
  * Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
  * CVE-2022-43995
  * bsc#1204986
  * Fixed a potential heap-based buffer over-read when entering a password
    of seven characters or fewer and using the crypt() password backend.
- Fixed an issue where some redundant entries in a sudo configuration
  file caused freed memory to be accessed in the error message thus
  wrong information was output in the error message.
  * [bsc#1190818]
  * Added [sudo-1.9.5p2-no_free_alias_name.patch]
    Sourced from the following git commit hashes:
    | 9ed14870c Add garbage collection to the sudoers parser to clean
    up on error. This makes it possible to avoid memory leaks when
    there is a parse error.
    | bdb02b1ef Got back to calling alias_free() on alias_add() failure.
    We now need to remove the name and members from the leak list
    *before* calling alias_add() since alias_add() will consume them
    for both success and failure.
    | b4cabdb39 Don't free the alias name in alias_add() if the alias
    already exists. We need to be able to display it using
    alias_error(). Only free what we actually allocated in alias_add()
    on error and let the caller handle cleanup.  Note that we cannot
    completely fill in the alias until it is inserted.  Otherwise,
    we will have modified the file and members parameters even if
    there was an error. As a result, we have to remove those from the
    leak list after alias_add(), not before.

Package supportutils was updated:

- Changes to supportconfig version 3.1.11-46.3
  + Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
  + Added check to _sanitize_file
  + Using variable for replacement text in _sanitize_file
- Added lifecycle information (issue#140)
- Changes to version 3.1.21
  + Added type output with df command in fs-diskio.txt (issue#141)
  + Gather all files in /etc/security/limits.d/ (issue#142)
  + Fixed KVM virtualization detection on bare metal (bsc#1184689)
  + Added logging using journalctl (bsc#1200330)
  + Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
  + Added system logging configuration and checking in messages_config.txt (issue#103)
  + If rsyslog not installed collect more from journalctl (issue#120)
  + Added systemd-status.txt for the status of all service units (issue#125)
  + autofs includes files in (+dir:&lt;path&gt;) (issue#111)
  + Get current sar data before collecting files (bsc#1192648)
  + Collects everything in /etc/multipath/ (bsc#1192252)
  + Collects power management information in hardware.txt (bsc#1197428)
  + Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
  + Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
  + Update to nvme_info and block_info #133 (bsc#1202417)
  + Added IO scheduler (issue#136)
  + Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129

Package suse-build-key was updated:

- Establish multiple new 4096 RSA keys that we will switch
  to mid of 2023. (jsc#PED-2777)
  - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
  - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SLE (RPM+repos).
  - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
  - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
    new RSA 4096 key for the SUSE registry registry.suse.com, installed as
    suse-container-key-2023.pem and suse-container-key-2023.asc
  - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
    New PTF container signing key for registry.suse.com/ptf/ space.
- added /usr/share/pki/containers directory for container pem keys
  (cosign/sigstore style), put our PEM key there too (bsc#1204706)

Package systemd was updated:

- Fix systemd-coredump to not allow user to access coredumps with changed
  uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  Add 5000-coredump-Fix-format-string-type-mismatch.patch
  Add 5001-coredump-drop-an-unused-variable.patch
  Add 5002-coredump-adjust-whitespace.patch
  Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
  4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
  f70647a7b7 udev/net_id: add debug logging for construction of device names
  48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
  7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
  2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
  dba888a4d3 pid1: watch bus name always when we have it
  f524807b89 udev: add one more assertion
  8558101c73 udev: drop assertion which is always false
  566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
  b4c4edaada tests: minor simplification in test-execute
  76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
    6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
    6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
  Also update the rule files to make use of the &quot;CONST{arch}&quot; syntax (available
  since v244).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
  8a70235d8a core: Add trigger limit for path units
  93e544f3a0 core/mount: also add default before dependency for automount mount units
  5916a7748c logind: fix crash in logind on user-specified message string
- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)

Package systemd-presets-common-SUSE was updated:

Package tar was updated:

- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * remove bsc1202436.patch
  * bsc1202436-1.patch
  * bsc1202436-1.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
  * tar-avoid-overflow-in-symlinks-tests.patch
  * tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
  * tar-fix-race-condition.patch
- Refresh bsc1200657.patch

Package timezone was updated:

- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
- timezone update 2022g (bsc#1177460):
  * In the Mexican state of Chihuahua, the border strip near the US
    will change to agree with nearby US locations on 2022-11-30.
    The strip's western part, represented by Ciudad Juárez, switches
    from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
    The eastern part, represented by Ojinaga, will observe US DST next
    year, like Presidio, TX.
    A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
  * Much of Greenland, represented by America/Nuuk, stops observing
    winter time after March 2023, so its daylight saving time becomes
    standard time.
  * Changes for pre-1996 northern Canada
  * Update to past DST transition in Colombia (1993), Singapore
    (1981)
  * timegm is now supported by default
- timezone update 2022f (bsc#1177460):
  * Mexico will no longer observe DST except near the US border
  * Chihuahua moves to year-round -06 on 2022-10-30
  * Fiji no longer observes DST
  * Move links to 'backward'
  * In vanguard form, GMT is now a Zone and Etc/GMT a link
  * zic now supports links to links, and vanguard form uses this
  * Simplify four Ontario zones
  * Fix a Y2438 bug when reading TZif data
  * Enable 64-bit time_t on 32-bit glibc platforms
  * Omit large-file support when no longer needed
  * In C code, use some C23 features if available
  * Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
  * fat.patch
  * tzdata-china.diff
- timezone update 2022e (bsc#1177460):
  * Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
  * Palestine transitions are now Saturdays at 02:00
  * Simplify three Ukraine zones into one
- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch

Package transactional-update was updated:

- Version 4.0.1
  - create_dirs_from_rpmdb: Just warn if no default SELinux context found
    [gh#openSUSE/transactional-update#88], [bsc#1188215]
  - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure
    [gh#openSUSE/transactional-update#88]
  - Handle directories owned by multiple packages
    [gh#openSUSE/transactional-update#90], [bsc#1188215]
- Version 4.0.0
  - Last minute interface change: Changed &quot;List&quot; method of Snapshot D-Bus
    interface to return a map of properties instead of a comma separated
    list of strings; this will allow retrieving the snapshot properties
    even if they contain a comma in their value [boo#1202147]
  - Remove &quot;Snapshot.hpp&quot; as a public API for now - all public
    functionality is part of SnapshotManager.hpp
  - Add header file documentation for SnapshotManager.hpp
  - Add method to delete snapshot
    [gh#openSUSE/transactional-update#52]
  - Allow setting description of snapshot
    [gh#openSUSE/transactional-update#55]
  - create_dirs_from_rpmdb: set SELinux file context of missing directories
    [gh#openSUSE/transactional-update#84], [bsc#1197242]
  - Fix broken logrotate due to typo in config file
    [gh#openSUSE/transactional-update#87]
  - create_dirs_from_rpmdb: Fix handling return code of create_dirs()
    [gh#openSUSE/transactional-update#86]
  - Fix broken &quot;shell&quot; prompt after selfupdate
  - Add documented D-Bus interface definition files
  - Add tukit_sm_get_current and tukit_sm_get_default to C interface
  - Fixed typos
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.
- Version 4.0.0~rc4
  - Fix building with GCC 12
  - Fix stack overflow with very long commands / ids [bsc#1196149]
  - Use separate mount namespace for chroot, allowing overwriting
    the bind mounts from the update environment - this could have
    led to data loss of the bind mount previously
  - Fix C error and exception handling for snapshots

Package util-linux was updated:

- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).

Package util-linux-systemd was updated:

- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).

Package vim was updated:

- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572
- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
  * Revert the creation standalone xxd packages
- Updated to version 9.0 with patch level 1443, fixes the following security problems
  * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
  * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
  * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
  remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
- Updated to version 9.0 with patch level 1040, fixes the following security problems
  * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
  * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
  * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
  * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
  * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
  * Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.814...v9.0.1040
- Updated to version 9.0 with patch level 0814, fixes the following problems
  * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
  * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
  * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
  * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
  * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
  * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814

Package wget was updated:

- Update 0001-possibly-truncate-pathname-components.patch
  * Truncate file name even if no directory structure
  * [bsc#1204720]

Package wicked was updated:

- ifconfig: fix arp notify loop (boo#1212806) and burst sending
  [+ 0001-fix_arp_notify_loop_and_burst_sending.patch]
- update to version 0.6.73
- spec: cleanup artefacts and fix some rpmlint warnings
- arp: allow verify/notify counter and interval configuration
- arp: handle ENOBUFS sending errors (bsc#1203300)
- extensions: improve environment variable handling
- firmware: refactor firmware extension definition
- firmware: enable, disable and revert cli commands
- code cleanup: fix memory leaks, add array/list utils
- wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- cleanup /var/run leftovers in extension scripts (bsc#1194557)
- json: output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (boo#1206674)
- update to version 0.6.72
- client: add `wicked firmware extensions|interfaces|enable|disable`
  command to improve `ibft`,`nbft`,`redfish` firmware extension and
  interface handling.
- client: improve error handling in netif firmware discovery
  extension execution and extension definition overrides in
  the wicked-config.
- nanny: fix use-after-free in debug mode (bsc#1206447)
- spec: replace transitional `%usrmerged` macro with regular
  version check (boo#1206798)
- client: improve to show `no-carrier` in ifstatus output
- linux: cleanup inclusions and update uapi header to 6.0
- ethtool: link mode nwords cleanup and new advertise mode names
- update to version 0.6.71
- dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
- schema: fix the ip rule to-selector to handle network prefixes
- spec: Add /etc/sysconfig/network to file list, no longer in the
  default list of a cleaned up filesystem package on tumbleweed
  (https://github.com/openSUSE/wicked/pull/939).
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
  Add initial support to decode the SMBIOS Management Controller Host
  Interface (Type 42) structure and expose it as wicked `firmware:redfish`
  configuration to setup a Host Network Interface (to the BMC) using the
  `Redfish over IP` protocol allowing access to the Redfish Service (via
  redfish-localhost in /etc/hosts) used to manage the computer system.
  Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
  remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
  [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
  e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27

Package xen was updated:

- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
  log-dirty mode use-after-free (XSA-427)
  xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
  pinned cache attributes mis-handling (XSA-428)
  xsa428-1.patch
  xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
  vulnerability in 32bit SYSCALL path (XSA-429)
  xsa429.patch
- Upstream bug fixes (bsc#1027519)
  63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch
  637b5f4f-efifb-ignore-invalid.patch
  63a03e28-x86-high-freq-TSC-overflow.patch
- Re-order some patches back into their proper upstream sequence.
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
  speculative security issues (XSA-422)
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
  (XSA-376)
  61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-10.patch (correction)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
  for 2nd-level page tables on ARM systems (XSA-409)
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
  6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
  6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
  635665fb-sched-fix-restore_vcpu_affinity.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
  xsa411.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
  crash xenstored (XSA-414)
  xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
  create orphaned Xenstore nodes (XSA-415)
  xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
  cause Xenstore to not free temporary memory (XSA-416)
  xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
  get access to Xenstore nodes of deleted domains (XSA-417)
  xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
  crash xenstored via exhausting the stack (XSA-418)
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
  Xenstore: cooperating guests can create arbitrary numbers of
  nodes (XSA-419)
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
  Xenstore: Guests can create arbitrary number of nodes via
  transactions (XSA-421)
  xsa421-01.patch
  xsa421-02.patch

Package zlib was updated:

- Fix deflateBound() before deflateInit(), bsc#1210593
  bsc1210593.patch
- Add DFLTCC support for using inflate() with a small window,
  fixes bsc#1206513
  * bsc1206513.patch
- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
  * bsc1203652.patch

Package zstd was updated:

- Fix CVE-2022-4899, bsc#1209533
  * Disallow empty --output-dir-flat=
- Added patch:
  * Disallow-empty-output-directory.patch

Package zypper was updated:

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60
- BuildRequires:  libzypp-devel &gt;= 17.31.7.
- Provide &quot;removeptf&quot; command (bsc#1203249)
  A remove command which prefers replacing dependant packages to
  removing them as well.
  A PTF is typically removed as soon as the fix it provides is
  applied to the latest official update of the dependant packages.
  But you don't want the dependant packages to be removed together
  with the PTF, which is what the remove command would do. The
  removeptf command however will aim to replace the dependant
  packages by their official update versions.
- patterns: Avoid displaying superfluous @System entries
  (bsc#1205570)
- version 1.14.59
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires:  libzypp-devel &gt;= 17.31.5
- version 1.14.58

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://publiccloudimagechangeinfo.suse.com/google/sle-micro-5-2-byos-v20230807-x86-64/</URL>
      <Description>Public Cloud Image Info</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <Branch Type="Product Name" Name="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
        <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="ca-certificates-mozilla-2.6-150200.27.1">
      <FullProductName ProductID="ca-certificates-mozilla-2.6-150200.27.1">ca-certificates-mozilla-2.6-150200.27.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="catatonit-0.1.7-150300.10.3.1">
      <FullProductName ProductID="catatonit-0.1.7-150300.10.3.1">catatonit-0.1.7-150300.10.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cloud-netconfig-gce-1.7-150000.25.8.1">
      <FullProductName ProductID="cloud-netconfig-gce-1.7-150000.25.8.1">cloud-netconfig-gce-1.7-150000.25.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="containerd-1.6.21-150000.93.1">
      <FullProductName ProductID="containerd-1.6.21-150000.93.1">containerd-1.6.21-150000.93.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="curl-7.66.0-150200.4.57.1">
      <FullProductName ProductID="curl-7.66.0-150200.4.57.1">curl-7.66.0-150200.4.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dbus-1-1.12.2-150100.8.17.1">
      <FullProductName ProductID="dbus-1-1.12.2-150100.8.17.1">dbus-1-1.12.2-150100.8.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dmidecode-3.2-150100.9.16.1">
      <FullProductName ProductID="dmidecode-3.2-150100.9.16.1">dmidecode-3.2-150100.9.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="docker-23.0.6_ce-150000.178.1">
      <FullProductName ProductID="docker-23.0.6_ce-150000.178.1">docker-23.0.6_ce-150000.178.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dracut-049.1+suse.253.g1008bf13-150200.3.69.1">
      <FullProductName ProductID="dracut-049.1+suse.253.g1008bf13-150200.3.69.1">dracut-049.1+suse.253.g1008bf13-150200.3.69.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dracut-transactional-update-4.0.1-150300.3.8.1">
      <FullProductName ProductID="dracut-transactional-update-4.0.1-150300.3.8.1">dracut-transactional-update-4.0.1-150300.3.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="elfutils-0.177-150300.11.6.1">
      <FullProductName ProductID="elfutils-0.177-150300.11.6.1">elfutils-0.177-150300.11.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glib2-tools-2.62.6-150200.3.15.1">
      <FullProductName ProductID="glib2-tools-2.62.6-150200.3.15.1">glib2-tools-2.62.6-150200.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-2.31-150300.52.2">
      <FullProductName ProductID="glibc-2.31-150300.52.2">glibc-2.31-150300.52.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-locale-2.31-150300.52.2">
      <FullProductName ProductID="glibc-locale-2.31-150300.52.2">glibc-locale-2.31-150300.52.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-locale-base-2.31-150300.52.2">
      <FullProductName ProductID="glibc-locale-base-2.31-150300.52.2">glibc-locale-base-2.31-150300.52.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-2.04-150300.22.40.1">
      <FullProductName ProductID="grub2-2.04-150300.22.40.1">grub2-2.04-150300.22.40.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-i386-pc-2.04-150300.22.40.1">
      <FullProductName ProductID="grub2-i386-pc-2.04-150300.22.40.1">grub2-i386-pc-2.04-150300.22.40.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-x86_64-efi-2.04-150300.22.40.1">
      <FullProductName ProductID="grub2-x86_64-efi-2.04-150300.22.40.1">grub2-x86_64-efi-2.04-150300.22.40.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="iputils-s20161105-150000.8.6.1">
      <FullProductName ProductID="iputils-s20161105-150000.8.6.1">iputils-s20161105-150000.8.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-5.3.18-150300.59.127.1">
      <FullProductName ProductID="kernel-default-5.3.18-150300.59.127.1">kernel-default-5.3.18-150300.59.127.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="krb5-1.19.2-150300.10.1">
      <FullProductName ProductID="krb5-1.19.2-150300.10.1">krb5-1.19.2-150300.10.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libasm1-0.177-150300.11.6.1">
      <FullProductName ProductID="libasm1-0.177-150300.11.6.1">libasm1-0.177-150300.11.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libassuan0-2.5.5-150000.4.5.2">
      <FullProductName ProductID="libassuan0-2.5.5-150000.4.5.2">libassuan0-2.5.5-150000.4.5.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libblkid1-2.36.2-150300.4.35.1">
      <FullProductName ProductID="libblkid1-2.36.2-150300.4.35.1">libblkid1-2.36.2-150300.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcap2-2.26-150000.4.9.1">
      <FullProductName ProductID="libcap2-2.26-150000.4.9.1">libcap2-2.26-150000.4.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcares2-1.19.1-150000.3.23.1">
      <FullProductName ProductID="libcares2-1.19.1-150000.3.23.1">libcares2-1.19.1-150000.3.23.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcurl4-7.66.0-150200.4.57.1">
      <FullProductName ProductID="libcurl4-7.66.0-150200.4.57.1">libcurl4-7.66.0-150200.4.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdbus-1-3-1.12.2-150100.8.17.1">
      <FullProductName ProductID="libdbus-1-3-1.12.2-150100.8.17.1">libdbus-1-3-1.12.2-150100.8.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1">
      <FullProductName ProductID="libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1">libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdw1-0.177-150300.11.6.1">
      <FullProductName ProductID="libdw1-0.177-150300.11.6.1">libdw1-0.177-150300.11.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libebl-plugins-0.177-150300.11.6.1">
      <FullProductName ProductID="libebl-plugins-0.177-150300.11.6.1">libebl-plugins-0.177-150300.11.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libelf1-0.177-150300.11.6.1">
      <FullProductName ProductID="libelf1-0.177-150300.11.6.1">libelf1-0.177-150300.11.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libexpat1-2.2.5-150000.3.25.1">
      <FullProductName ProductID="libexpat1-2.2.5-150000.3.25.1">libexpat1-2.2.5-150000.3.25.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libfdisk1-2.36.2-150300.4.35.1">
      <FullProductName ProductID="libfdisk1-2.36.2-150300.4.35.1">libfdisk1-2.36.2-150300.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgcc_s1-12.3.0+git1204-150000.1.10.1">
      <FullProductName ProductID="libgcc_s1-12.3.0+git1204-150000.1.10.1">libgcc_s1-12.3.0+git1204-150000.1.10.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgio-2_0-0-2.62.6-150200.3.15.1">
      <FullProductName ProductID="libgio-2_0-0-2.62.6-150200.3.15.1">libgio-2_0-0-2.62.6-150200.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libglib-2_0-0-2.62.6-150200.3.15.1">
      <FullProductName ProductID="libglib-2_0-0-2.62.6-150200.3.15.1">libglib-2_0-0-2.62.6-150200.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgmodule-2_0-0-2.62.6-150200.3.15.1">
      <FullProductName ProductID="libgmodule-2_0-0-2.62.6-150200.3.15.1">libgmodule-2_0-0-2.62.6-150200.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgnutls30-3.6.7-150200.14.25.2">
      <FullProductName ProductID="libgnutls30-3.6.7-150200.14.25.2">libgnutls30-3.6.7-150200.14.25.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgobject-2_0-0-2.62.6-150200.3.15.1">
      <FullProductName ProductID="libgobject-2_0-0-2.62.6-150200.3.15.1">libgobject-2_0-0-2.62.6-150200.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libksba8-1.3.5-150000.4.6.1">
      <FullProductName ProductID="libksba8-1.3.5-150000.4.6.1">libksba8-1.3.5-150000.4.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libldap-2_4-2-2.4.46-150200.14.17.1">
      <FullProductName ProductID="libldap-2_4-2-2.4.46-150200.14.17.1">libldap-2_4-2-2.4.46-150200.14.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libldap-data-2.4.46-150200.14.17.1">
      <FullProductName ProductID="libldap-data-2.4.46-150200.14.17.1">libldap-data-2.4.46-150200.14.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libmount1-2.36.2-150300.4.35.1">
      <FullProductName ProductID="libmount1-2.36.2-150300.4.35.1">libmount1-2.36.2-150300.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libncurses6-6.1-150000.5.15.1">
      <FullProductName ProductID="libncurses6-6.1-150000.5.15.1">libncurses6-6.1-150000.5.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libopenssl1_1-1.1.1d-150200.11.72.1">
      <FullProductName ProductID="libopenssl1_1-1.1.1d-150200.11.72.1">libopenssl1_1-1.1.1d-150200.11.72.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libprocps7-3.3.15-150000.7.31.1">
      <FullProductName ProductID="libprocps7-3.3.15-150000.7.31.1">libprocps7-3.3.15-150000.7.31.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libprotobuf-lite20-3.9.2-150200.4.21.1">
      <FullProductName ProductID="libprotobuf-lite20-3.9.2-150200.4.21.1">libprotobuf-lite20-3.9.2-150200.4.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython3_6m1_0-3.6.15-150300.10.48.1">
      <FullProductName ProductID="libpython3_6m1_0-3.6.15-150300.10.48.1">libpython3_6m1_0-3.6.15-150300.10.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsmartcols1-2.36.2-150300.4.35.1">
      <FullProductName ProductID="libsmartcols1-2.36.2-150300.4.35.1">libsmartcols1-2.36.2-150300.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsnapper5-0.8.16-150300.3.6.1">
      <FullProductName ProductID="libsnapper5-0.8.16-150300.3.6.1">libsnapper5-0.8.16-150300.3.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsodium23-1.0.18-150000.4.6.1">
      <FullProductName ProductID="libsodium23-1.0.18-150000.4.6.1">libsodium23-1.0.18-150000.4.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsolv-tools-0.7.24-150200.20.2">
      <FullProductName ProductID="libsolv-tools-0.7.24-150200.20.2">libsolv-tools-0.7.24-150200.20.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsqlite3-0-3.39.3-150000.3.20.1">
      <FullProductName ProductID="libsqlite3-0-3.39.3-150000.3.20.1">libsqlite3-0-3.39.3-150000.3.20.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libstdc++6-12.3.0+git1204-150000.1.10.1">
      <FullProductName ProductID="libstdc++6-12.3.0+git1204-150000.1.10.1">libstdc++6-12.3.0+git1204-150000.1.10.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsystemd0-246.16-150300.7.57.1">
      <FullProductName ProductID="libsystemd0-246.16-150300.7.57.1">libsystemd0-246.16-150300.7.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libtirpc-netconfig-1.2.6-150300.3.17.1">
      <FullProductName ProductID="libtirpc-netconfig-1.2.6-150300.3.17.1">libtirpc-netconfig-1.2.6-150300.3.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libtirpc3-1.2.6-150300.3.17.1">
      <FullProductName ProductID="libtirpc3-1.2.6-150300.3.17.1">libtirpc3-1.2.6-150300.3.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libtukit4-4.0.1-150300.3.8.1">
      <FullProductName ProductID="libtukit4-4.0.1-150300.3.8.1">libtukit4-4.0.1-150300.3.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libudev1-246.16-150300.7.57.1">
      <FullProductName ProductID="libudev1-246.16-150300.7.57.1">libudev1-246.16-150300.7.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libuuid1-2.36.2-150300.4.35.1">
      <FullProductName ProductID="libuuid1-2.36.2-150300.4.35.1">libuuid1-2.36.2-150300.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libxml2-2-2.9.7-150000.3.57.1">
      <FullProductName ProductID="libxml2-2-2.9.7-150000.3.57.1">libxml2-2-2.9.7-150000.3.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libz1-1.2.11-150000.3.45.1">
      <FullProductName ProductID="libz1-1.2.11-150000.3.45.1">libz1-1.2.11-150000.3.45.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libzstd1-1.4.4-150000.1.9.1">
      <FullProductName ProductID="libzstd1-1.4.4-150000.1.9.1">libzstd1-1.4.4-150000.1.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libzypp-17.31.14-150200.70.1">
      <FullProductName ProductID="libzypp-17.31.14-150200.70.1">libzypp-17.31.14-150200.70.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="login_defs-4.8.1-150300.4.6.1">
      <FullProductName ProductID="login_defs-4.8.1-150300.4.6.1">login_defs-4.8.1-150300.4.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="microos-tools-2.18-150300.7.6.1">
      <FullProductName ProductID="microos-tools-2.18-150300.7.6.1">microos-tools-2.18-150300.7.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ncurses-utils-6.1-150000.5.15.1">
      <FullProductName ProductID="ncurses-utils-6.1-150000.5.15.1">ncurses-utils-6.1-150000.5.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-8.4p1-150300.3.22.1">
      <FullProductName ProductID="openssh-8.4p1-150300.3.22.1">openssh-8.4p1-150300.3.22.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-clients-8.4p1-150300.3.22.1">
      <FullProductName ProductID="openssh-clients-8.4p1-150300.3.22.1">openssh-clients-8.4p1-150300.3.22.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-common-8.4p1-150300.3.22.1">
      <FullProductName ProductID="openssh-common-8.4p1-150300.3.22.1">openssh-common-8.4p1-150300.3.22.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-server-8.4p1-150300.3.22.1">
      <FullProductName ProductID="openssh-server-8.4p1-150300.3.22.1">openssh-server-8.4p1-150300.3.22.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssl-1_1-1.1.1d-150200.11.72.1">
      <FullProductName ProductID="openssl-1_1-1.1.1d-150200.11.72.1">openssl-1_1-1.1.1d-150200.11.72.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="pam-1.3.0-150000.6.61.1">
      <FullProductName ProductID="pam-1.3.0-150000.6.61.1">pam-1.3.0-150000.6.61.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="perl-Bootloader-0.944-150300.3.9.1">
      <FullProductName ProductID="perl-Bootloader-0.944-150300.3.9.1">perl-Bootloader-0.944-150300.3.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="perl-base-5.26.1-150300.17.14.1">
      <FullProductName ProductID="perl-base-5.26.1-150300.17.14.1">perl-base-5.26.1-150300.17.14.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="permissions-20181225-150200.23.23.1">
      <FullProductName ProductID="permissions-20181225-150200.23.23.1">permissions-20181225-150200.23.23.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="procps-3.3.15-150000.7.31.1">
      <FullProductName ProductID="procps-3.3.15-150000.7.31.1">procps-3.3.15-150000.7.31.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-3.6.15-150300.10.48.1">
      <FullProductName ProductID="python3-3.6.15-150300.10.48.1">python3-3.6.15-150300.10.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-apipkg-1.4-150000.3.4.1">
      <FullProductName ProductID="python3-apipkg-1.4-150000.3.4.1">python3-apipkg-1.4-150000.3.4.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-base-3.6.15-150300.10.48.1">
      <FullProductName ProductID="python3-base-3.6.15-150300.10.48.1">python3-base-3.6.15-150300.10.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-certifi-2018.1.18-150000.3.3.1">
      <FullProductName ProductID="python3-certifi-2018.1.18-150000.3.3.1">python3-certifi-2018.1.18-150000.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-cryptography-3.3.2-150200.19.1">
      <FullProductName ProductID="python3-cryptography-3.3.2-150200.19.1">python3-cryptography-3.3.2-150200.19.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-iniconfig-1.1.1-150000.1.9.1">
      <FullProductName ProductID="python3-iniconfig-1.1.1-150000.1.9.1">python3-iniconfig-1.1.1-150000.1.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-msgpack-0.5.6-150100.3.3.1">
      <FullProductName ProductID="python3-msgpack-0.5.6-150100.3.3.1">python3-msgpack-0.5.6-150100.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-packaging-21.3-150200.3.3.1">
      <FullProductName ProductID="python3-packaging-21.3-150200.3.3.1">python3-packaging-21.3-150200.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-py-1.10.0-150100.5.12.1">
      <FullProductName ProductID="python3-py-1.10.0-150100.5.12.1">python3-py-1.10.0-150100.5.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-pyzmq-17.1.2-150000.3.5.2">
      <FullProductName ProductID="python3-pyzmq-17.1.2-150000.3.5.2">python3-pyzmq-17.1.2-150000.3.5.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-requests-2.24.0-150300.3.3.1">
      <FullProductName ProductID="python3-requests-2.24.0-150300.3.3.1">python3-requests-2.24.0-150300.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-rpm-4.14.3-150300.55.1">
      <FullProductName ProductID="python3-rpm-4.14.3-150300.55.1">python3-rpm-4.14.3-150300.55.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-salt-3006.0-150300.53.53.2">
      <FullProductName ProductID="python3-salt-3006.0-150300.53.53.2">python3-salt-3006.0-150300.53.53.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-setuptools-40.5.0-150100.6.6.1">
      <FullProductName ProductID="python3-setuptools-40.5.0-150100.6.6.1">python3-setuptools-40.5.0-150100.6.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="rpm-ndb-4.14.3-150300.55.1">
      <FullProductName ProductID="rpm-ndb-4.14.3-150300.55.1">rpm-ndb-4.14.3-150300.55.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="rsyslog-8.2106.0-150200.4.35.1">
      <FullProductName ProductID="rsyslog-8.2106.0-150200.4.35.1">rsyslog-8.2106.0-150200.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="runc-1.1.7-150000.46.1">
      <FullProductName ProductID="runc-1.1.7-150000.46.1">runc-1.1.7-150000.46.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="salt-3006.0-150300.53.53.2">
      <FullProductName ProductID="salt-3006.0-150300.53.53.2">salt-3006.0-150300.53.53.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="salt-minion-3006.0-150300.53.53.2">
      <FullProductName ProductID="salt-minion-3006.0-150300.53.53.2">salt-minion-3006.0-150300.53.53.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="salt-transactional-update-3006.0-150300.53.53.2">
      <FullProductName ProductID="salt-transactional-update-3006.0-150300.53.53.2">salt-transactional-update-3006.0-150300.53.53.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="selinux-policy-20210716-150300.13.8.1">
      <FullProductName ProductID="selinux-policy-20210716-150300.13.8.1">selinux-policy-20210716-150300.13.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="selinux-policy-targeted-20210716-150300.13.8.1">
      <FullProductName ProductID="selinux-policy-targeted-20210716-150300.13.8.1">selinux-policy-targeted-20210716-150300.13.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="shadow-4.8.1-150300.4.6.1">
      <FullProductName ProductID="shadow-4.8.1-150300.4.6.1">shadow-4.8.1-150300.4.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="shim-15.7-150300.4.16.1">
      <FullProductName ProductID="shim-15.7-150300.4.16.1">shim-15.7-150300.4.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="snapper-0.8.16-150300.3.6.1">
      <FullProductName ProductID="snapper-0.8.16-150300.3.6.1">snapper-0.8.16-150300.3.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="sudo-1.9.5p2-150300.3.24.1">
      <FullProductName ProductID="sudo-1.9.5p2-150300.3.24.1">sudo-1.9.5p2-150300.3.24.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="supportutils-3.1.21-150300.7.35.18.1">
      <FullProductName ProductID="supportutils-3.1.21-150300.7.35.18.1">supportutils-3.1.21-150300.7.35.18.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="suse-build-key-12.0-150000.8.31.1">
      <FullProductName ProductID="suse-build-key-12.0-150000.8.31.1">suse-build-key-12.0-150000.8.31.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-246.16-150300.7.57.1">
      <FullProductName ProductID="systemd-246.16-150300.7.57.1">systemd-246.16-150300.7.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-presets-common-SUSE-15-150100.8.20.1">
      <FullProductName ProductID="systemd-presets-common-SUSE-15-150100.8.20.1">systemd-presets-common-SUSE-15-150100.8.20.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-sysvinit-246.16-150300.7.57.1">
      <FullProductName ProductID="systemd-sysvinit-246.16-150300.7.57.1">systemd-sysvinit-246.16-150300.7.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="tar-1.34-150000.3.31.1">
      <FullProductName ProductID="tar-1.34-150000.3.31.1">tar-1.34-150000.3.31.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="terminfo-6.1-150000.5.15.1">
      <FullProductName ProductID="terminfo-6.1-150000.5.15.1">terminfo-6.1-150000.5.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="terminfo-base-6.1-150000.5.15.1">
      <FullProductName ProductID="terminfo-base-6.1-150000.5.15.1">terminfo-base-6.1-150000.5.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="timezone-2023c-150000.75.23.1">
      <FullProductName ProductID="timezone-2023c-150000.75.23.1">timezone-2023c-150000.75.23.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="transactional-update-4.0.1-150300.3.8.1">
      <FullProductName ProductID="transactional-update-4.0.1-150300.3.8.1">transactional-update-4.0.1-150300.3.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="transactional-update-zypp-config-4.0.1-150300.3.8.1">
      <FullProductName ProductID="transactional-update-zypp-config-4.0.1-150300.3.8.1">transactional-update-zypp-config-4.0.1-150300.3.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="tukit-4.0.1-150300.3.8.1">
      <FullProductName ProductID="tukit-4.0.1-150300.3.8.1">tukit-4.0.1-150300.3.8.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="udev-246.16-150300.7.57.1">
      <FullProductName ProductID="udev-246.16-150300.7.57.1">udev-246.16-150300.7.57.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="update-alternatives-1.19.0.4-150000.4.4.1">
      <FullProductName ProductID="update-alternatives-1.19.0.4-150000.4.4.1">update-alternatives-1.19.0.4-150000.4.4.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="util-linux-2.36.2-150300.4.35.1">
      <FullProductName ProductID="util-linux-2.36.2-150300.4.35.1">util-linux-2.36.2-150300.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="util-linux-systemd-2.36.2-150300.4.35.1">
      <FullProductName ProductID="util-linux-systemd-2.36.2-150300.4.35.1">util-linux-systemd-2.36.2-150300.4.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-data-common-9.0.1572-150000.5.46.1">
      <FullProductName ProductID="vim-data-common-9.0.1572-150000.5.46.1">vim-data-common-9.0.1572-150000.5.46.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-small-9.0.1572-150000.5.46.1">
      <FullProductName ProductID="vim-small-9.0.1572-150000.5.46.1">vim-small-9.0.1572-150000.5.46.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wget-1.20.3-150000.3.15.1">
      <FullProductName ProductID="wget-1.20.3-150000.3.15.1">wget-1.20.3-150000.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-0.6.73-150300.4.13.1">
      <FullProductName ProductID="wicked-0.6.73-150300.4.13.1">wicked-0.6.73-150300.4.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-service-0.6.73-150300.4.13.1">
      <FullProductName ProductID="wicked-service-0.6.73-150300.4.13.1">wicked-service-0.6.73-150300.4.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xen-libs-4.14.5_12-150300.3.48.1">
      <FullProductName ProductID="xen-libs-4.14.5_12-150300.3.48.1">xen-libs-4.14.5_12-150300.3.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="zypper-1.14.61-150200.54.1">
      <FullProductName ProductID="zypper-1.14.61-150200.54.1">zypper-1.14.61-150200.54.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="zypper-needs-restarting-1.14.61-150200.54.1">
      <FullProductName ProductID="zypper-needs-restarting-1.14.61-150200.54.1">zypper-needs-restarting-1.14.61-150200.54.1</FullProductName>
    </Branch>
    <Relationship ProductReference="ca-certificates-mozilla-2.6-150200.27.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:ca-certificates-mozilla-2.6-150200.27.1">ca-certificates-mozilla-2.6-150200.27.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="catatonit-0.1.7-150300.10.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:catatonit-0.1.7-150300.10.3.1">catatonit-0.1.7-150300.10.3.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cloud-netconfig-gce-1.7-150000.25.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:cloud-netconfig-gce-1.7-150000.25.8.1">cloud-netconfig-gce-1.7-150000.25.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="containerd-1.6.21-150000.93.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:containerd-1.6.21-150000.93.1">containerd-1.6.21-150000.93.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="curl-7.66.0-150200.4.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:curl-7.66.0-150200.4.57.1">curl-7.66.0-150200.4.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dbus-1-1.12.2-150100.8.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:dbus-1-1.12.2-150100.8.17.1">dbus-1-1.12.2-150100.8.17.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dmidecode-3.2-150100.9.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:dmidecode-3.2-150100.9.16.1">dmidecode-3.2-150100.9.16.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="docker-23.0.6_ce-150000.178.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:docker-23.0.6_ce-150000.178.1">docker-23.0.6_ce-150000.178.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dracut-049.1+suse.253.g1008bf13-150200.3.69.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:dracut-049.1+suse.253.g1008bf13-150200.3.69.1">dracut-049.1+suse.253.g1008bf13-150200.3.69.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dracut-transactional-update-4.0.1-150300.3.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:dracut-transactional-update-4.0.1-150300.3.8.1">dracut-transactional-update-4.0.1-150300.3.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="elfutils-0.177-150300.11.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:elfutils-0.177-150300.11.6.1">elfutils-0.177-150300.11.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glib2-tools-2.62.6-150200.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:glib2-tools-2.62.6-150200.3.15.1">glib2-tools-2.62.6-150200.3.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-2.31-150300.52.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:glibc-2.31-150300.52.2">glibc-2.31-150300.52.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-locale-2.31-150300.52.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:glibc-locale-2.31-150300.52.2">glibc-locale-2.31-150300.52.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-locale-base-2.31-150300.52.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:glibc-locale-base-2.31-150300.52.2">glibc-locale-base-2.31-150300.52.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-2.04-150300.22.40.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:grub2-2.04-150300.22.40.1">grub2-2.04-150300.22.40.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-i386-pc-2.04-150300.22.40.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:grub2-i386-pc-2.04-150300.22.40.1">grub2-i386-pc-2.04-150300.22.40.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-x86_64-efi-2.04-150300.22.40.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:grub2-x86_64-efi-2.04-150300.22.40.1">grub2-x86_64-efi-2.04-150300.22.40.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="iputils-s20161105-150000.8.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:iputils-s20161105-150000.8.6.1">iputils-s20161105-150000.8.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-5.3.18-150300.59.127.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:kernel-default-5.3.18-150300.59.127.1">kernel-default-5.3.18-150300.59.127.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="krb5-1.19.2-150300.10.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:krb5-1.19.2-150300.10.1">krb5-1.19.2-150300.10.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libasm1-0.177-150300.11.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libasm1-0.177-150300.11.6.1">libasm1-0.177-150300.11.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libassuan0-2.5.5-150000.4.5.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libassuan0-2.5.5-150000.4.5.2">libassuan0-2.5.5-150000.4.5.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libblkid1-2.36.2-150300.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libblkid1-2.36.2-150300.4.35.1">libblkid1-2.36.2-150300.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcap2-2.26-150000.4.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libcap2-2.26-150000.4.9.1">libcap2-2.26-150000.4.9.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcares2-1.19.1-150000.3.23.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libcares2-1.19.1-150000.3.23.1">libcares2-1.19.1-150000.3.23.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcurl4-7.66.0-150200.4.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libcurl4-7.66.0-150200.4.57.1">libcurl4-7.66.0-150200.4.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdbus-1-3-1.12.2-150100.8.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libdbus-1-3-1.12.2-150100.8.17.1">libdbus-1-3-1.12.2-150100.8.17.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1">libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdw1-0.177-150300.11.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libdw1-0.177-150300.11.6.1">libdw1-0.177-150300.11.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libebl-plugins-0.177-150300.11.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libebl-plugins-0.177-150300.11.6.1">libebl-plugins-0.177-150300.11.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libelf1-0.177-150300.11.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libelf1-0.177-150300.11.6.1">libelf1-0.177-150300.11.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.2.5-150000.3.25.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libexpat1-2.2.5-150000.3.25.1">libexpat1-2.2.5-150000.3.25.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libfdisk1-2.36.2-150300.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libfdisk1-2.36.2-150300.4.35.1">libfdisk1-2.36.2-150300.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgcc_s1-12.3.0+git1204-150000.1.10.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libgcc_s1-12.3.0+git1204-150000.1.10.1">libgcc_s1-12.3.0+git1204-150000.1.10.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgio-2_0-0-2.62.6-150200.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libgio-2_0-0-2.62.6-150200.3.15.1">libgio-2_0-0-2.62.6-150200.3.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libglib-2_0-0-2.62.6-150200.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libglib-2_0-0-2.62.6-150200.3.15.1">libglib-2_0-0-2.62.6-150200.3.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgmodule-2_0-0-2.62.6-150200.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libgmodule-2_0-0-2.62.6-150200.3.15.1">libgmodule-2_0-0-2.62.6-150200.3.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgnutls30-3.6.7-150200.14.25.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libgnutls30-3.6.7-150200.14.25.2">libgnutls30-3.6.7-150200.14.25.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgobject-2_0-0-2.62.6-150200.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libgobject-2_0-0-2.62.6-150200.3.15.1">libgobject-2_0-0-2.62.6-150200.3.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libksba8-1.3.5-150000.4.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libksba8-1.3.5-150000.4.6.1">libksba8-1.3.5-150000.4.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libldap-2_4-2-2.4.46-150200.14.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libldap-2_4-2-2.4.46-150200.14.17.1">libldap-2_4-2-2.4.46-150200.14.17.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libldap-data-2.4.46-150200.14.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libldap-data-2.4.46-150200.14.17.1">libldap-data-2.4.46-150200.14.17.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libmount1-2.36.2-150300.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libmount1-2.36.2-150300.4.35.1">libmount1-2.36.2-150300.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libncurses6-6.1-150000.5.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libncurses6-6.1-150000.5.15.1">libncurses6-6.1-150000.5.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libopenssl1_1-1.1.1d-150200.11.72.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libopenssl1_1-1.1.1d-150200.11.72.1">libopenssl1_1-1.1.1d-150200.11.72.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libprocps7-3.3.15-150000.7.31.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libprocps7-3.3.15-150000.7.31.1">libprocps7-3.3.15-150000.7.31.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libprotobuf-lite20-3.9.2-150200.4.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libprotobuf-lite20-3.9.2-150200.4.21.1">libprotobuf-lite20-3.9.2-150200.4.21.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython3_6m1_0-3.6.15-150300.10.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libpython3_6m1_0-3.6.15-150300.10.48.1">libpython3_6m1_0-3.6.15-150300.10.48.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsmartcols1-2.36.2-150300.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libsmartcols1-2.36.2-150300.4.35.1">libsmartcols1-2.36.2-150300.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsnapper5-0.8.16-150300.3.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libsnapper5-0.8.16-150300.3.6.1">libsnapper5-0.8.16-150300.3.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsodium23-1.0.18-150000.4.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libsodium23-1.0.18-150000.4.6.1">libsodium23-1.0.18-150000.4.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsolv-tools-0.7.24-150200.20.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libsolv-tools-0.7.24-150200.20.2">libsolv-tools-0.7.24-150200.20.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsqlite3-0-3.39.3-150000.3.20.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libsqlite3-0-3.39.3-150000.3.20.1">libsqlite3-0-3.39.3-150000.3.20.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libstdc++6-12.3.0+git1204-150000.1.10.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libstdc++6-12.3.0+git1204-150000.1.10.1">libstdc++6-12.3.0+git1204-150000.1.10.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsystemd0-246.16-150300.7.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libsystemd0-246.16-150300.7.57.1">libsystemd0-246.16-150300.7.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libtirpc-netconfig-1.2.6-150300.3.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libtirpc-netconfig-1.2.6-150300.3.17.1">libtirpc-netconfig-1.2.6-150300.3.17.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libtirpc3-1.2.6-150300.3.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libtirpc3-1.2.6-150300.3.17.1">libtirpc3-1.2.6-150300.3.17.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libtukit4-4.0.1-150300.3.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libtukit4-4.0.1-150300.3.8.1">libtukit4-4.0.1-150300.3.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libudev1-246.16-150300.7.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libudev1-246.16-150300.7.57.1">libudev1-246.16-150300.7.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libuuid1-2.36.2-150300.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libuuid1-2.36.2-150300.4.35.1">libuuid1-2.36.2-150300.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libxml2-2-2.9.7-150000.3.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libxml2-2-2.9.7-150000.3.57.1">libxml2-2-2.9.7-150000.3.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libz1-1.2.11-150000.3.45.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libz1-1.2.11-150000.3.45.1">libz1-1.2.11-150000.3.45.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libzstd1-1.4.4-150000.1.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libzstd1-1.4.4-150000.1.9.1">libzstd1-1.4.4-150000.1.9.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libzypp-17.31.14-150200.70.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:libzypp-17.31.14-150200.70.1">libzypp-17.31.14-150200.70.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="login_defs-4.8.1-150300.4.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:login_defs-4.8.1-150300.4.6.1">login_defs-4.8.1-150300.4.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="microos-tools-2.18-150300.7.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:microos-tools-2.18-150300.7.6.1">microos-tools-2.18-150300.7.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ncurses-utils-6.1-150000.5.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:ncurses-utils-6.1-150000.5.15.1">ncurses-utils-6.1-150000.5.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-8.4p1-150300.3.22.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:openssh-8.4p1-150300.3.22.1">openssh-8.4p1-150300.3.22.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-clients-8.4p1-150300.3.22.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:openssh-clients-8.4p1-150300.3.22.1">openssh-clients-8.4p1-150300.3.22.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-common-8.4p1-150300.3.22.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:openssh-common-8.4p1-150300.3.22.1">openssh-common-8.4p1-150300.3.22.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-server-8.4p1-150300.3.22.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:openssh-server-8.4p1-150300.3.22.1">openssh-server-8.4p1-150300.3.22.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssl-1_1-1.1.1d-150200.11.72.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:openssl-1_1-1.1.1d-150200.11.72.1">openssl-1_1-1.1.1d-150200.11.72.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="pam-1.3.0-150000.6.61.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:pam-1.3.0-150000.6.61.1">pam-1.3.0-150000.6.61.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="perl-Bootloader-0.944-150300.3.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:perl-Bootloader-0.944-150300.3.9.1">perl-Bootloader-0.944-150300.3.9.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="perl-base-5.26.1-150300.17.14.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:perl-base-5.26.1-150300.17.14.1">perl-base-5.26.1-150300.17.14.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="permissions-20181225-150200.23.23.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:permissions-20181225-150200.23.23.1">permissions-20181225-150200.23.23.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="procps-3.3.15-150000.7.31.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:procps-3.3.15-150000.7.31.1">procps-3.3.15-150000.7.31.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-3.6.15-150300.10.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-3.6.15-150300.10.48.1">python3-3.6.15-150300.10.48.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-apipkg-1.4-150000.3.4.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-apipkg-1.4-150000.3.4.1">python3-apipkg-1.4-150000.3.4.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-base-3.6.15-150300.10.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-base-3.6.15-150300.10.48.1">python3-base-3.6.15-150300.10.48.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-certifi-2018.1.18-150000.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-certifi-2018.1.18-150000.3.3.1">python3-certifi-2018.1.18-150000.3.3.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-cryptography-3.3.2-150200.19.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-cryptography-3.3.2-150200.19.1">python3-cryptography-3.3.2-150200.19.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-iniconfig-1.1.1-150000.1.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-iniconfig-1.1.1-150000.1.9.1">python3-iniconfig-1.1.1-150000.1.9.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-msgpack-0.5.6-150100.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-msgpack-0.5.6-150100.3.3.1">python3-msgpack-0.5.6-150100.3.3.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-packaging-21.3-150200.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-packaging-21.3-150200.3.3.1">python3-packaging-21.3-150200.3.3.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-py-1.10.0-150100.5.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-py-1.10.0-150100.5.12.1">python3-py-1.10.0-150100.5.12.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-pyzmq-17.1.2-150000.3.5.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-pyzmq-17.1.2-150000.3.5.2">python3-pyzmq-17.1.2-150000.3.5.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-requests-2.24.0-150300.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-requests-2.24.0-150300.3.3.1">python3-requests-2.24.0-150300.3.3.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-rpm-4.14.3-150300.55.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-rpm-4.14.3-150300.55.1">python3-rpm-4.14.3-150300.55.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-salt-3006.0-150300.53.53.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-salt-3006.0-150300.53.53.2">python3-salt-3006.0-150300.53.53.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-setuptools-40.5.0-150100.6.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:python3-setuptools-40.5.0-150100.6.6.1">python3-setuptools-40.5.0-150100.6.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="rpm-ndb-4.14.3-150300.55.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:rpm-ndb-4.14.3-150300.55.1">rpm-ndb-4.14.3-150300.55.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="rsyslog-8.2106.0-150200.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:rsyslog-8.2106.0-150200.4.35.1">rsyslog-8.2106.0-150200.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="runc-1.1.7-150000.46.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:runc-1.1.7-150000.46.1">runc-1.1.7-150000.46.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="salt-3006.0-150300.53.53.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:salt-3006.0-150300.53.53.2">salt-3006.0-150300.53.53.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="salt-minion-3006.0-150300.53.53.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:salt-minion-3006.0-150300.53.53.2">salt-minion-3006.0-150300.53.53.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="salt-transactional-update-3006.0-150300.53.53.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:salt-transactional-update-3006.0-150300.53.53.2">salt-transactional-update-3006.0-150300.53.53.2 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="selinux-policy-20210716-150300.13.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:selinux-policy-20210716-150300.13.8.1">selinux-policy-20210716-150300.13.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="selinux-policy-targeted-20210716-150300.13.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:selinux-policy-targeted-20210716-150300.13.8.1">selinux-policy-targeted-20210716-150300.13.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="shadow-4.8.1-150300.4.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:shadow-4.8.1-150300.4.6.1">shadow-4.8.1-150300.4.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="shim-15.7-150300.4.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:shim-15.7-150300.4.16.1">shim-15.7-150300.4.16.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="snapper-0.8.16-150300.3.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:snapper-0.8.16-150300.3.6.1">snapper-0.8.16-150300.3.6.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="sudo-1.9.5p2-150300.3.24.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:sudo-1.9.5p2-150300.3.24.1">sudo-1.9.5p2-150300.3.24.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="supportutils-3.1.21-150300.7.35.18.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:supportutils-3.1.21-150300.7.35.18.1">supportutils-3.1.21-150300.7.35.18.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="suse-build-key-12.0-150000.8.31.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:suse-build-key-12.0-150000.8.31.1">suse-build-key-12.0-150000.8.31.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-246.16-150300.7.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:systemd-246.16-150300.7.57.1">systemd-246.16-150300.7.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-presets-common-SUSE-15-150100.8.20.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:systemd-presets-common-SUSE-15-150100.8.20.1">systemd-presets-common-SUSE-15-150100.8.20.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-sysvinit-246.16-150300.7.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:systemd-sysvinit-246.16-150300.7.57.1">systemd-sysvinit-246.16-150300.7.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="tar-1.34-150000.3.31.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:tar-1.34-150000.3.31.1">tar-1.34-150000.3.31.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="terminfo-6.1-150000.5.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:terminfo-6.1-150000.5.15.1">terminfo-6.1-150000.5.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="terminfo-base-6.1-150000.5.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:terminfo-base-6.1-150000.5.15.1">terminfo-base-6.1-150000.5.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="timezone-2023c-150000.75.23.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:timezone-2023c-150000.75.23.1">timezone-2023c-150000.75.23.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="transactional-update-4.0.1-150300.3.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:transactional-update-4.0.1-150300.3.8.1">transactional-update-4.0.1-150300.3.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="transactional-update-zypp-config-4.0.1-150300.3.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:transactional-update-zypp-config-4.0.1-150300.3.8.1">transactional-update-zypp-config-4.0.1-150300.3.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="tukit-4.0.1-150300.3.8.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:tukit-4.0.1-150300.3.8.1">tukit-4.0.1-150300.3.8.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="udev-246.16-150300.7.57.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:udev-246.16-150300.7.57.1">udev-246.16-150300.7.57.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="update-alternatives-1.19.0.4-150000.4.4.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:update-alternatives-1.19.0.4-150000.4.4.1">update-alternatives-1.19.0.4-150000.4.4.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="util-linux-2.36.2-150300.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:util-linux-2.36.2-150300.4.35.1">util-linux-2.36.2-150300.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="util-linux-systemd-2.36.2-150300.4.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:util-linux-systemd-2.36.2-150300.4.35.1">util-linux-systemd-2.36.2-150300.4.35.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-data-common-9.0.1572-150000.5.46.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:vim-data-common-9.0.1572-150000.5.46.1">vim-data-common-9.0.1572-150000.5.46.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-small-9.0.1572-150000.5.46.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:vim-small-9.0.1572-150000.5.46.1">vim-small-9.0.1572-150000.5.46.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wget-1.20.3-150000.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:wget-1.20.3-150000.3.15.1">wget-1.20.3-150000.3.15.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-0.6.73-150300.4.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:wicked-0.6.73-150300.4.13.1">wicked-0.6.73-150300.4.13.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-service-0.6.73-150300.4.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:wicked-service-0.6.73-150300.4.13.1">wicked-service-0.6.73-150300.4.13.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="xen-libs-4.14.5_12-150300.3.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:xen-libs-4.14.5_12-150300.3.48.1">xen-libs-4.14.5_12-150300.3.48.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="zypper-1.14.61-150200.54.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:zypper-1.14.61-150200.54.1">zypper-1.14.61-150200.54.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="zypper-needs-restarting-1.14.61-150200.54.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64:zypper-needs-restarting-1.14.61-150200.54.1">zypper-needs-restarting-1.14.61-150200.54.1 as a component of Public Cloud Image google/sle-micro-5-2-byos-v20230807-x86-64</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.</Note>
    </Notes>
    <CVE>CVE-2007-4559</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Possible cross-site scripting vulnerability in libxml after commit 960f0e2.</Note>
    </Notes>
    <CVE>CVE-2016-3709</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.</Note>
    </Notes>
    <CVE>CVE-2017-5753</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.7</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in python-cryptography versions between &gt;=1.9.0 and &lt;2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.</Note>
    </Notes>
    <CVE>CVE-2018-10903</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.</Note>
    </Notes>
    <CVE>CVE-2019-18348</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.</Note>
    </Notes>
    <CVE>CVE-2019-19083</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.7</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.</Note>
    </Notes>
    <CVE>CVE-2020-10735</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.</Note>
    </Notes>
    <CVE>CVE-2020-25659</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.</Note>
    </Notes>
    <CVE>CVE-2020-36242</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.4</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.</Note>
    </Notes>
    <CVE>CVE-2020-36691</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.</Note>
    </Notes>
    <CVE>CVE-2020-8492</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.1</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.</Note>
    </Notes>
    <CVE>CVE-2021-22569</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.</Note>
    </Notes>
    <CVE>CVE-2021-22570</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.</Note>
    </Notes>
    <CVE>CVE-2021-29650</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.9</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.</Note>
    </Notes>
    <CVE>CVE-2021-3672</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.</Note>
    </Notes>
    <CVE>CVE-2021-3923</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use of Uninitialized Variable</Note>
    </Notes>
    <CVE>CVE-2021-3928</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.</Note>
    </Notes>
    <CVE>CVE-2021-4037</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.</Note>
    </Notes>
    <CVE>CVE-2022-1941</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.</Note>
    </Notes>
    <CVE>CVE-2022-2153</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a</Note>
    </Notes>
    <CVE>CVE-2022-2196</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.</Note>
    </Notes>
    <CVE>CVE-2022-23471</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.</Note>
    </Notes>
    <CVE>CVE-2022-23491</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.</Note>
    </Notes>
    <CVE>CVE-2022-23824</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.</Note>
    </Notes>
    <CVE>CVE-2022-2601</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">io_uring UAF, Unix SCM garbage collection</Note>
    </Notes>
    <CVE>CVE-2022-2602</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.</Note>
    </Notes>
    <CVE>CVE-2022-27191</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</Note>
    </Notes>
    <CVE>CVE-2022-28693</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.</Note>
    </Notes>
    <CVE>CVE-2022-28737</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-28748</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-2978</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.</Note>
    </Notes>
    <CVE>CVE-2022-2980</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0260.</Note>
    </Notes>
    <CVE>CVE-2022-2982</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.</Note>
    </Notes>
    <CVE>CVE-2022-29900</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0322.</Note>
    </Notes>
    <CVE>CVE-2022-3037</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0360.</Note>
    </Notes>
    <CVE>CVE-2022-3099</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().</Note>
    </Notes>
    <CVE>CVE-2022-3105</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().</Note>
    </Notes>
    <CVE>CVE-2022-3106</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.</Note>
    </Notes>
    <CVE>CVE-2022-3107</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().</Note>
    </Notes>
    <CVE>CVE-2022-3108</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().</Note>
    </Notes>
    <CVE>CVE-2022-3111</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.</Note>
    </Notes>
    <CVE>CVE-2022-3112</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.</Note>
    </Notes>
    <CVE>CVE-2022-3115</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0389.</Note>
    </Notes>
    <CVE>CVE-2022-3134</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.</Note>
    </Notes>
    <CVE>CVE-2022-3153</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.</Note>
    </Notes>
    <CVE>CVE-2022-3171</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659.</Note>
    </Notes>
    <CVE>CVE-2022-3176</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.</Note>
    </Notes>
    <CVE>CVE-2022-3234</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0490.</Note>
    </Notes>
    <CVE>CVE-2022-3235</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.</Note>
    </Notes>
    <CVE>CVE-2022-3278</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.</Note>
    </Notes>
    <CVE>CVE-2022-3296</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0579.</Note>
    </Notes>
    <CVE>CVE-2022-3297</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.</Note>
    </Notes>
    <CVE>CVE-2022-3324</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0614.</Note>
    </Notes>
    <CVE>CVE-2022-3352</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">P2M pool freeing may take excessively long. The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.</Note>
    </Notes>
    <CVE>CVE-2022-33746</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Arm: unbounded memory consumption for 2nd-level page tables. Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.</Note>
    </Notes>
    <CVE>CVE-2022-33747</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Lock order inversion in transitive grant copy handling. As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.</Note>
    </Notes>
    <CVE>CVE-2022-33748</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.</Note>
    </Notes>
    <CVE>CVE-2022-33981</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-3424</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3435</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.</Note>
    </Notes>
    <CVE>CVE-2022-3491</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.</Note>
    </Notes>
    <CVE>CVE-2022-3520</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3521</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3524</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</Note>
    </Notes>
    <CVE>CVE-2022-3535</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</Note>
    </Notes>
    <CVE>CVE-2022-3542</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3545</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.</Note>
    </Notes>
    <CVE>CVE-2022-3564</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.</Note>
    </Notes>
    <CVE>CVE-2022-3565</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3566</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3567</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is an incorrect assumption: that bigben devices all have inputs. However, malicious devices can break this assumption, leading to an out-of-bounds write.</Note>
    </Notes>
    <CVE>CVE-2022-3577</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.</Note>
    </Notes>
    <CVE>CVE-2022-3586</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0789.</Note>
    </Notes>
    <CVE>CVE-2022-3591</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.</Note>
    </Notes>
    <CVE>CVE-2022-3594</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3606</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.</Note>
    </Notes>
    <CVE>CVE-2022-36109</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.</Note>
    </Notes>
    <CVE>CVE-2022-3621</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3625</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.</Note>
    </Notes>
    <CVE>CVE-2022-3628</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds (OOB) memory access vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).</Note>
    </Notes>
    <CVE>CVE-2022-36280</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3629</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.4</BaseScore>
        <Vector>AV:A/AC:H/Au:S/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3635</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.</Note>
    </Notes>
    <CVE>CVE-2022-3640</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.</Note>
    </Notes>
    <CVE>CVE-2022-3643</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-3646</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.</Note>
    </Notes>
    <CVE>CVE-2022-3649</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.</Note>
    </Notes>
    <CVE>CVE-2022-3705</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.</Note>
    </Notes>
    <CVE>CVE-2022-3707</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.</Note>
    </Notes>
    <CVE>CVE-2022-37454</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.</Note>
    </Notes>
    <CVE>CVE-2022-3775</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).</Note>
    </Notes>
    <CVE>CVE-2022-38096</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An off-by-one error was discovered in systemd in the format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), leading to a Denial of Service.</Note>
    </Notes>
    <CVE>CVE-2022-3821</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.</Note>
    </Notes>
    <CVE>CVE-2022-3903</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.</Note>
    </Notes>
    <CVE>CVE-2022-39189</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.</Note>
    </Notes>
    <CVE>CVE-2022-40303</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.</Note>
    </Notes>
    <CVE>CVE-2022-40304</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.</Note>
    </Notes>
    <CVE>CVE-2022-40897</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.</Note>
    </Notes>
    <CVE>CVE-2022-4095</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.</Note>
    </Notes>
    <CVE>CVE-2022-4129</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-4139</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.</Note>
    </Notes>
    <CVE>CVE-2022-4141</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-&gt;value is in progress.</Note>
    </Notes>
    <CVE>CVE-2022-41850</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.</Note>
    </Notes>
    <CVE>CVE-2022-41858</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.</Note>
    </Notes>
    <CVE>CVE-2022-42309</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.</Note>
    </Notes>
    <CVE>CVE-2022-42310</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction</Note>
    </Notes>
    <CVE>CVE-2022-42311</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction</Note>
    </Notes>
    <CVE>CVE-2022-42313</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction</Note>
    </Notes>
    <CVE>CVE-2022-42317</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.</Note>
    </Notes>
    <CVE>CVE-2022-42319</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.</Note>
    </Notes>
    <CVE>CVE-2022-42320</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.</Note>
    </Notes>
    <CVE>CVE-2022-42321</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.</Note>
    </Notes>
    <CVE>CVE-2022-42322</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Xenstore: Guests can create arbitrary number of nodes via transactions [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.</Note>
    </Notes>
    <CVE>CVE-2022-42325</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).</Note>
    </Notes>
    <CVE>CVE-2022-42328</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.</Note>
    </Notes>
    <CVE>CVE-2022-42331</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of the aforementioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.</Note>
    </Notes>
    <CVE>CVE-2022-42332</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cacheability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).</Note>
    </Notes>
    <CVE>CVE-2022-42333</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.</Note>
    </Notes>
    <CVE>CVE-2022-4269</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.</Note>
    </Notes>
    <CVE>CVE-2022-42703</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e</Note>
    </Notes>
    <CVE>CVE-2022-42895</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4</Note>
    </Notes>
    <CVE>CVE-2022-42896</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."</Note>
    </Notes>
    <CVE>CVE-2022-42898</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0882.</Note>
    </Notes>
    <CVE>CVE-2022-4292</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.</Note>
    </Notes>
    <CVE>CVE-2022-4293</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** DISPUTED ** The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproducible and they argue this is not a valid vulnerability.</Note>
    </Notes>
    <CVE>CVE-2022-42969</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OAEP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.

</Note>
    </Notes>
    <CVE>CVE-2022-4304</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use after free vulnerability exists in curl &lt;7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.</Note>
    </Notes>
    <CVE>CVE-2022-43552</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.</Note>
    </Notes>
    <CVE>CVE-2022-43680</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.</Note>
    </Notes>
    <CVE>CVE-2022-43750</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-4378</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Note>
    </Notes>
    <CVE>CVE-2022-43945</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.</Note>
    </Notes>
    <CVE>CVE-2022-43995</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.</Note>
    </Notes>
    <CVE>CVE-2022-4415</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.

These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
uses of these functions are not vulnerable because the caller does not free the
header argument if PEM_read_bio_ex() returns a failure code. These locations
include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.


</Note>
    </Notes>
    <CVE>CVE-2022-4450</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.</Note>
    </Notes>
    <CVE>CVE-2022-45061</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.</Note>
    </Notes>
    <CVE>CVE-2022-45884</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.</Note>
    </Notes>
    <CVE>CVE-2022-45885</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.</Note>
    </Notes>
    <CVE>CVE-2022-45886</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.</Note>
    </Notes>
    <CVE>CVE-2022-45887</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.</Note>
    </Notes>
    <CVE>CVE-2022-45919</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.</Note>
    </Notes>
    <CVE>CVE-2022-45934</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system.</Note>
    </Notes>
    <CVE>CVE-2022-4662</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.</Note>
    </Notes>
    <CVE>CVE-2022-46908</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-4744</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.</Note>
    </Notes>
    <CVE>CVE-2022-47520</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.</Note>
    </Notes>
    <CVE>CVE-2022-47629</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.</Note>
    </Notes>
    <CVE>CVE-2022-47929</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.</Note>
    </Notes>
    <CVE>CVE-2022-48303</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun.</Note>
    </Notes>
    <CVE>CVE-2022-4899</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.</Note>
    </Notes>
    <CVE>CVE-2022-4904</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.

We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

</Note>
    </Notes>
    <CVE>CVE-2023-0045</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.</Note>
    </Notes>
    <CVE>CVE-2023-0049</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.</Note>
    </Notes>
    <CVE>CVE-2023-0051</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.</Note>
    </Notes>
    <CVE>CVE-2023-0054</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.</Note>
    </Notes>
    <CVE>CVE-2023-0179</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The public API function BIO_new_NDEF is a helper function used for streaming
ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
end user applications.

The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter
BIO onto the front of it to form a BIO chain, and then returns the new head of
the BIO chain to the caller. Under certain conditions, for example if a CMS
recipient public key is invalid, the new filter BIO is freed and the function
returns a NULL result indicating a failure. However, in this case, the BIO chain
is not properly cleaned up and the BIO passed by the caller still retains
internal pointers to the previously freed filter BIO. If the caller then goes on
to call BIO_pop() on the BIO then a use-after-free will occur. This will most
likely result in a crash.



This scenario occurs directly in the internal function B64_write_ASN1() which
may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on
the BIO. This internal function is in turn called by the public API functions
PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,
SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

Other public API functions that may be impacted by this include
i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and
i2d_PKCS7_bio_stream.

The OpenSSL cms and smime command line applications are similarly affected.



</Note>
    </Notes>
    <CVE>CVE-2023-0215</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
</Note>
    </Notes>
    <CVE>CVE-2023-0266</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.

When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.

</Note>
    </Notes>
    <CVE>CVE-2023-0286</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.</Note>
    </Notes>
    <CVE>CVE-2023-0288</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.</Note>
    </Notes>
    <CVE>CVE-2023-0361</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.</Note>
    </Notes>
    <CVE>CVE-2023-0433</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability, kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.

There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.

When CONFIG_TLS is enabled, a user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.

The setsockopt TCP_ULP operation does not require any privilege.

We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c</Note>
    </Notes>
    <CVE>CVE-2023-0461</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints.  Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.

Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.</Note>
    </Notes>
    <CVE>CVE-2023-0464</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Applications that use a non-default option when verifying certificates may be
vulnerable to an attack from a malicious CA to circumvent certain checks.

Invalid certificate policies in leaf certificates are silently ignored by
OpenSSL and other certificate policy checks are skipped for that certificate.
A malicious CA could use this to deliberately assert invalid certificate policies
in order to circumvent policy checking on the certificate altogether.

Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.</Note>
    </Notes>
    <CVE>CVE-2023-0465</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The function X509_VERIFY_PARAM_add0_policy() is documented to
implicitly enable the certificate policy check when doing certificate
verification. However the implementation of the function does not
enable the check which allows certificates with invalid or incorrect
policies to pass the certificate verification.

As suddenly enabling the policy check could break existing deployments it was
decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
function.

Instead the applications that require OpenSSL to perform certificate
policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
the X509_V_FLAG_POLICY_CHECK flag argument.

Certificate policy checks are disabled by default in OpenSSL and are not
commonly used by applications.</Note>
    </Notes>
    <CVE>CVE-2023-0466</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.</Note>
    </Notes>
    <CVE>CVE-2023-0512</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") is not applied yet, the kernel could be affected.</Note>
    </Notes>
    <CVE>CVE-2023-0590</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A possible memory leak flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, in the way a user can guess the location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with an expected location in memory.</Note>
    </Notes>
    <CVE>CVE-2023-0597</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.</Note>
    </Notes>
    <CVE>CVE-2023-0687</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:A/AC:H/Au:S/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec-&gt;tx_ready.</Note>
    </Notes>
    <CVE>CVE-2023-1075</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While this will often be correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would cause tun/tap sockets to be incorrectly treated in filtering/routing decisions, possibly bypassing network filters.</Note>
    </Notes>
    <CVE>CVE-2023-1076</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption.</Note>
    </Notes>
    <CVE>CVE-2023-1077</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. A local user can trigger this with rds_message_put(). The type confusion leads to `struct rds_msg_zcopy_info *info` actually pointing to something else that is potentially controlled by a local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.</Note>
    </Notes>
    <CVE>CVE-2023-1078</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging in or disconnecting a malicious USB device, which advertises itself as an Asus device. Similarly to the previously known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.</Note>
    </Notes>
    <CVE>CVE-2023-1079</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, which results in a NULL pointer dereference.</Note>
    </Notes>
    <CVE>CVE-2023-1095</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel integrated infrared receiver/transceiver driver, in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2023-1118</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.</Note>
    </Notes>
    <CVE>CVE-2023-1127</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.</Note>
    </Notes>
    <CVE>CVE-2023-1170</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.</Note>
    </Notes>
    <CVE>CVE-2023-1175</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. The kernel could be affected only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") is not applied yet.</Note>
    </Notes>
    <CVE>CVE-2023-1249</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.</Note>
    </Notes>
    <CVE>CVE-2023-1264</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker can use this vulnerability to elevate their privileges to root.
This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.

</Note>
    </Notes>
    <CVE>CVE-2023-1281</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.</Note>
    </Notes>
    <CVE>CVE-2023-1355</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info-&gt;req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-1380</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A data race flaw was found in the Linux kernel, between where con is allocated and con-&gt;sock is set. This issue leads to a NULL pointer dereference when accessing con-&gt;sock-&gt;sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.</Note>
    </Notes>
    <CVE>CVE-2023-1382</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer causes the CPU utilization of the system to instantly spike to 100%, resulting in a denial of service condition.</Note>
    </Notes>
    <CVE>CVE-2023-1390</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.</Note>
    </Notes>
    <CVE>CVE-2023-1513</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-1582</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and possibly cause a kernel information lea</Note>
    </Notes>
    <CVE>CVE-2023-1611</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel X86 CPU power management options functionality, in the way a user resumes the CPU from suspend-to-RAM: the boot CPU could be vulnerable to speculative execution behavior kinds of attacks. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU, similar to the speculative execution behavior kinds of attacks.</Note>
    </Notes>
    <CVE>CVE-2023-1637</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2023-1670</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.</Note>
    </Notes>
    <CVE>CVE-2023-1838</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.</Note>
    </Notes>
    <CVE>CVE-2023-1855</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.

The io_file_get_fixed function lacks the presence of ctx-&gt;uring_lock which can lead to a Use-After-Free vulnerability due to a race condition with fixed files getting unregistered.

We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.

</Note>
    </Notes>
    <CVE>CVE-2023-1872</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.</Note>
    </Notes>
    <CVE>CVE-2023-1989</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.</Note>
    </Notes>
    <CVE>CVE-2023-1990</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.

This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.


</Note>
    </Notes>
    <CVE>CVE-2023-1998</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication.</Note>
    </Notes>
    <CVE>CVE-2023-2002</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.</Note>
    </Notes>
    <CVE>CVE-2023-2008</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2023-2124</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.</Note>
    </Notes>
    <CVE>CVE-2023-2156</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component of the Linux Kernel. This flaw could allow an attacker to leak internal kernel information.</Note>
    </Notes>
    <CVE>CVE-2023-2162</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in an out-of-bounds read, which a local user can use to crash the system or escalate privileges.</Note>
    </Notes>
    <CVE>CVE-2023-2176</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data-&gt;block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.</Note>
    </Notes>
    <CVE>CVE-2023-2194</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.</Note>
    </Notes>
    <CVE>CVE-2023-22809</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.</Note>
    </Notes>
    <CVE>CVE-2023-22995</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).</Note>
    </Notes>
    <CVE>CVE-2023-22998</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.</Note>
    </Notes>
    <CVE>CVE-2023-23000</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).</Note>
    </Notes>
    <CVE>CVE-2023-23004</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).</Note>
    </Notes>
    <CVE>CVE-2023-23006</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).</Note>
    </Notes>
    <CVE>CVE-2023-23454</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).</Note>
    </Notes>
    <CVE>CVE-2023-23455</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.</Note>
    </Notes>
    <CVE>CVE-2023-23559</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, so it is possible to insert a time namespace's vvar page into the process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process's memory, so the next page allocated by the kernel will still be accessible from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring</Note>
    </Notes>
    <CVE>CVE-2023-23586</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An allocation of resources without limits or throttling vulnerability exists in curl &lt;v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis, allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.</Note>
    </Notes>
    <CVE>CVE-2023-23916</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.</Note>
    </Notes>
    <CVE>CVE-2023-23931</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.</Note>
    </Notes>
    <CVE>CVE-2023-2426</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.</Note>
    </Notes>
    <CVE>CVE-2023-24329</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** Rejected by upstream.</Note>
    </Notes>
    <CVE>CVE-2023-24593</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2023-2483</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.</Note>
    </Notes>
    <CVE>CVE-2023-25012</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.</Note>
    </Notes>
    <CVE>CVE-2023-2513</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.</Note>
    </Notes>
    <CVE>CVE-2023-25153</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.

This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.</Note>
    </Notes>
    <CVE>CVE-2023-25173</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain write access to the user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. Other users' cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private`), which is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts, or add `/sys/fs/cgroup` to `maskedPaths`.</Note>
    </Notes>
    <CVE>CVE-2023-25809</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.</Note>
    </Notes>
    <CVE>CVE-2023-2603</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.</Note>
    </Notes>
    <CVE>CVE-2023-2609</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.</Note>
    </Notes>
    <CVE>CVE-2023-2610</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Issue summary: Processing some specially crafted ASN.1 object identifiers or
data containing them may be very slow.

Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message
size limit may experience notable to very long delays when processing those
messages, which may lead to a Denial of Service.

An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -
most of which have no size limit.  OBJ_obj2txt() may be used to translate
an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL
type ASN1_OBJECT) to its canonical numeric text form, which are the
sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by
periods.

When one of the sub-identifiers in the OBJECT IDENTIFIER is very large
(these are sizes that are seen as absurdly large, taking up tens or hundreds
of KiBs), the translation to a decimal number in text may take a very long
time.  The time complexity is O(n^2) with 'n' being the size of the
sub-identifiers in bytes (*).

With OpenSSL 3.0, support to fetch cryptographic algorithms using names /
identifiers in string form was introduced.  This includes using OBJECT
IDENTIFIERs in canonical numeric text form as identifiers for fetching
algorithms.

Such OBJECT IDENTIFIERs may be received through the ASN.1 structure
AlgorithmIdentifier, which is commonly used in multiple protocols to specify
what cryptographic algorithm should be used to sign or verify, encrypt or
decrypt, or digest passed data.

Applications that call OBJ_obj2txt() directly with untrusted data are
affected, with any version of OpenSSL.  If the use is for the mere purpose
of display, the severity is considered low.

In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,
CMS, CMP/CRMF or TS.  It also impacts anything that processes X.509
certificates, including simple things like verifying its signature.

The impact on TLS is relatively low, because all versions of OpenSSL have a
100KiB limit on the peer's certificate chain.  Additionally, this only
impacts clients, or servers that have explicitly enabled client
authentication.

In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,
such as X.509 certificates.  This is assumed to not happen in such a way
that it would cause a Denial of Service, so these versions are considered
not affected by this issue in such a way that it would be cause for concern,
and the severity is therefore considered low.</Note>
    </Notes>
    <CVE>CVE-2023-2650</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.</Note>
    </Notes>
    <CVE>CVE-2023-26545</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An input validation vulnerability exists in curl &lt;8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.</Note>
    </Notes>
    <CVE>CVE-2023-27533</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A path traversal vulnerability exists in the curl &lt;8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.</Note>
    </Notes>
    <CVE>CVE-2023-27534</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An authentication bypass vulnerability exists in libcurl &lt;8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.</Note>
    </Notes>
    <CVE>CVE-2023-27535</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An authentication bypass vulnerability exists in libcurl &lt;8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.</Note>
    </Notes>
    <CVE>CVE-2023-27536</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.</Note>
    </Notes>
    <CVE>CVE-2023-27538</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.</Note>
    </Notes>
    <CVE>CVE-2023-27561</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A denial of service vulnerability exists in curl &lt;v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.</Note>
    </Notes>
    <CVE>CVE-2023-28320</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An improper certificate validation vulnerability exists in curl &lt;v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before being used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.</Note>
    </Notes>
    <CVE>CVE-2023-28321</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An information disclosure vulnerability exists in curl &lt;v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.</Note>
    </Notes>
    <CVE>CVE-2023-28322</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c in unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-28327</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-28328</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.</Note>
    </Notes>
    <CVE>CVE-2023-28370</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.</Note>
    </Notes>
    <CVE>CVE-2023-28464</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).</Note>
    </Notes>
    <CVE>CVE-2023-28466</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.</Note>
    </Notes>
    <CVE>CVE-2023-28484</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Sudo before 1.9.13 does not escape control characters in log messages.</Note>
    </Notes>
    <CVE>CVE-2023-28486</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Sudo before 1.9.13 does not escape control characters in sudoreplay output.</Note>
    </Notes>
    <CVE>CVE-2023-28487</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.</Note>
    </Notes>
    <CVE>CVE-2023-28642</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.</Note>
    </Notes>
    <CVE>CVE-2023-28772</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.</Note>
    </Notes>
    <CVE>CVE-2023-29383</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).</Note>
    </Notes>
    <CVE>CVE-2023-29469</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.</Note>
    </Notes>
    <CVE>CVE-2023-29491</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in openldap. This security flaw causes a null pointer dereference in the ber_memalloc_x() function.</Note>
    </Notes>
    <CVE>CVE-2023-2953</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.</Note>
    </Notes>
    <CVE>CVE-2023-30630</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.</Note>
    </Notes>
    <CVE>CVE-2023-30772</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.

The out-of-bounds write is caused by missing skb-&gt;cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.

We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.</Note>
    </Notes>
    <CVE>CVE-2023-3090</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&amp;fepriv-&gt;sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&amp;fepriv-&gt;sem) may block the process.</Note>
    </Notes>
    <CVE>CVE-2023-31084</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. This will downgrade to using rand() as a fallback, which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.</Note>
    </Notes>
    <CVE>CVE-2023-31124</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. c-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.</Note>
    </Notes>
    <CVE>CVE-2023-31130</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.</Note>
    </Notes>
    <CVE>CVE-2023-31147</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.</Note>
    </Notes>
    <CVE>CVE-2023-3141</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.</Note>
    </Notes>
    <CVE>CVE-2023-31436</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.</Note>
    </Notes>
    <CVE>CVE-2023-31484</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.</Note>
    </Notes>
    <CVE>CVE-2023-3159</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font-&gt;width and font-&gt;height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-3161</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.</Note>
    </Notes>
    <CVE>CVE-2023-32067</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.</Note>
    </Notes>
    <CVE>CVE-2023-32233</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.</Note>
    </Notes>
    <CVE>CVE-2023-32269</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.</Note>
    </Notes>
    <CVE>CVE-2023-3268</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.</Note>
    </Notes>
    <CVE>CVE-2023-32681</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.</Note>
    </Notes>
    <CVE>CVE-2023-33288</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.</Note>
    </Notes>
    <CVE>CVE-2023-3358</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.

However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.</Note>
    </Notes>
    <CVE>CVE-2023-3446</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.</Note>
    </Notes>
    <CVE>CVE-2023-34969</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.</Note>
    </Notes>
    <CVE>CVE-2023-35788</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.</Note>
    </Notes>
    <CVE>CVE-2023-35823</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.</Note>
    </Notes>
    <CVE>CVE-2023-35824</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.</Note>
    </Notes>
    <CVE>CVE-2023-35828</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.</Note>
    </Notes>
    <CVE>CVE-2023-38408</CVE>
    <ProductStatuses>
      <Status Type="Fixed"/>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
</cvrfdoc>
