SUSE-IU-2023:927-1 SUSE Image security@suse.de SUSE Security Team SUSE Image SUSE-IU-2023:927-1 Interim 1 1 2024-09-07T10:06:54Z current 2023-12-14T01:00:00Z 2023-12-14T01:00:00Z cve-database/bin/generate-cvrf-publiccloud.pl 2021-02-18T01:00:00Z Image update for SUSE-IU-2023:927-1 / google/suse-manager-server-4-3-byos-v20231214-x86-64 This image update for google/suse-manager-server-4-3-byos-v20231214-x86-64 contains the following changes: Package cloud-regionsrv-client was updated: - Update to version 10.1.4 (bsc#1217451) + Fetch cert for new update server during failover Package containerd was updated: - Update to containerd v1.7.8. Upstream release notes: <https://github.com/containerd/containerd/releases/tag/v1.7.8> bsc#1200528 - Rebase patches: * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch Package curl was updated: - Security fixes: * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch Package dracut was updated: - Update to version 055+suse.351.g30f0cda6: * fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL] (bsc#1217031) * fix(network): correct network device naming (bsc#1192986) Package google-guest-configs was updated: - Update to version 20230808.00 (bsc#1214546, bsc#1214572) * 64-gce-disk-removal.rules: delete (#51) - from version 20230801.00 * Replace xxd with dd for google_nvme_id (#56) - from version 20230729.00 * Setup irq binding for a3 8g vm (#57) - from version 20230724.00 * Debian packaging: add xxd dependency (#55) - Update to version 20230626.00 (bsc#1212418, bsc#1212759) * Revert "Replace `xxd` to `cut` for google_nvme_id (#49)" (#54) - Update to version 20230526.00 * dracut: Add a new dracut module for gcp udev rules (#53) - from version 20230522.00 * src/lib/udev: only create symlinks for GCP devices (#52) - from version 20230515.00 * Replace `xxd` to `cut` for google_nvme_id (#49) - from version 20230328.00 * Set hostname: consider fully qualified static hostname (#46) - Update to version 20230217.01 * Support multiple local SSD controllers (#39) - from version 20230217.00 * Update OWNERS (#45) - from version 20230215.00 * DHCP hostname: don't reset hostname if the hostname hasn't changed (#44) - from version 20230202.00 * Update OWNERS file (#43) - from version 20230123.00 * Fix a repository URL in packaging specs (#41) Package gpg2 was updated: - Suppress error message on trial reading as PEM format when using dirmngr to validate broken DER encoded files (bsc#1217212) * Add patches: - gnupg-dirmngr-Suppress-error-message-on-trial-reading-as-PEM.patch - gnupg-dirmngr-Clear-the-error-count-to-try-certificate-as-binary.patch Package javapackages-tools was updated: - Added patches: * 0005-Interpolate-properties-also-in-the-current-artifact.patch + interpolate variables also in current artifactId, groupId and version * 0006-Test-variable-expansion-in-artifactId.patch + test previous changes * 0007-Test-that-we-don-t-bomb-on-relativePath.patch + test gracious handling of empty <relativePath/> in parent reference of a pom file - Added patch: * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch + make the aliases and dependencies lists so that the order is kept - Added patch: * 0003-Reproducible-exclusions-order-in-maven-metadata.patch + sort exclusions in maven metadata - Modified patch: * 0001-Make-the-alias-generation-reproducible.patch -> 0001-Make-maven_depmap-order-of-aliases-reproducible.patch + replace by the version of patch integrated by upstream - Added patch: * 0002-Do-not-bomb-on-relativePath-construct.patch + integrated patch fixing parent recursion with empty <relativePath/> element - Upgrade to upstream version 6.2.0 * Întegrate our changes from javapackages-6.1.0-maven-depmap.patch - Removed patch: * javapackages-6.1.0-maven-depmap.patch + upstreamed - Added patch: * 0001-Make-the-alias-generation-reproducible.patch + separate patch for our reproducible changes that was not part of the integrated pull request - Modified patch: * javapackages-6.1.0-maven-depmap.patch + try to make the list of aliases more reproducible - Enable the tests also for older distributions - Require python3-xml (python-xml for distributions that use versioned modules), since module xml needed by some scripts. Package kernel-default was updated: - powerpc: Don't clobber f0/vs0 during fp|altivec register save (bsc#1217780). - commit 46d31e2 - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: don't claim interface 4 for ZTE MF290 (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - commit 4c40fde - firewire: core: fix possible memory leak in create_units() (git-fixes). - commit 0ade49c - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - commit 57245d3 - xfs: convert quota options flags to unsigned (git-fixes). - commit 7dfe466 - xfs: convert inode lock flags to unsigned (git-fixes). - commit 831f7e2 - xfs: convert log item tracepoint flags to unsigned (git-fixes). - commit 411032a - xfs: convert dquot flags to unsigned (git-fixes). - commit 1630213 - xfs: convert da btree operations flags to unsigned (git-fixes). - commit 41198d9 - xfs: convert buffer log item flags to unsigned (git-fixes). - commit d4d0c9c - xfs: convert btree buffer log flags to unsigned (git-fixes). - commit ced67a9 - xfs: convert AGI log flags to unsigned (git-fixes). - commit 66d955b - xfs: convert AGF log flags to unsigned (git-fixes). - commit 91cefbb - xfs: convert bmapi flags to unsigned (git-fixes). - commit 1ec6360 - xfs: convert bmap extent type flags to unsigned (git-fixes). - commit 30fead3 - xfs: convert scrub type flags to unsigned (git-fixes). - commit c3c7c82 - xfs: convert attr type flags to unsigned (git-fixes). - commit c641f4d - xfs: convert buffer flags to unsigned (git-fixes). - commit 6147a1c - xfs: standardize inode generation formatting in ftrace output (git-fixes). - commit 81e4504 - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - commit 0960978 - xfs: resolve fork names in trace output (git-fixes). - commit f8059aa - xfs: rename i_disk_size fields in ftrace output (git-fixes). - commit 57eae70 - xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). - commit 863210b - xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). - commit 09c5eba - xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). - commit fd948b6 - xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). - commit 21df855 - xfs: standardize daddr formatting in ftrace output (git-fixes). - commit 4559eca - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - commit 1582a5c - xfs: standardize AG block number formatting in ftrace output (git-fixes). - commit c4b29ba - xfs: standardize AG number formatting in ftrace output (git-fixes). - commit a02451d - xfs: standardize inode number formatting in ftrace output (git-fixes). - commit 3a0db07 - xfs: add attr state machine tracepoints (git-fixes). - commit b0c0355 - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - commit 3247184 - xfs: remove xfs_btree_cur_t typedef (git-fixes). - commit 4b79f37 - xfs: constify btree function parameters that are not modified (git-fixes). - commit ca93659 - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - commit 28eb06c - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - commit 481ec89 - xfs: make the pointer passed to btree set_root functions const (git-fixes). - commit 068596a - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - commit 42fdf3b - xfs: mark the record passed into btree init_key functions as const (git-fixes). - Refresh patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch. - commit ff2d5e6 - xfs: make the key parameters to all btree query range functions const (git-fixes). - Refresh patches.suse/xfs-make-the-record-pointer-passed-to-query_range-functions-const.patch. - commit 6c6efbb - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - Refresh patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch. - commit ff17042 - kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well. - commit 8c12816 - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - commit beb2571 - net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() (bsc#1217332 CVE-2023-6176). - commit 4d4ef94 - Update metadata - commit ca96232 - Revert "tracing: Fix warning in trace_buffered_event_disable()" (bsc#1217036) Temporarily revert the commit. It exposed a separate issue related to trace buffered event synchronization which needs to be fixed first. - commit 4a725b5 - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - commit 49c4783 - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - commit 05bfbfe - Disable Loongson drivers Loongson is a mips architecture, it doesn't make sense to build Loongson drivers on other architectures. - commit 23ca0fb - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - commit 7155857 - pinctrl: avoid reload of p state in list iteration (git-fixes). - commit 37ee48d - README.SUSE: fix patches.addon use It's series, not series.conf in there. And make it more precise on when the patches are applied. - commit cb8969c - rxrpc: Fix race between conn bundle lookup and bundle removal (CVE-2023-2006 bsc#1210447). - commit 88c559c - kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is built since SLE15-SP3 but it is not shipped as part of any SLE product, only in Leap (in kernel-*-optional). - commit 10d922d - Do not store build host name in initrd Without this patch, kernel-obs-build stored the build host name in its .build.initrd.kvm This patch allows for reproducible builds of kernel-obs-build and thus avoids re-publishing the kernel-obs-build.rpm when nothing changed. Note that this has no influence on the /etc/hosts file that is used during other OBS builds. https://bugzilla.opensuse.org/show_bug.cgi?id=1084909 - commit fd3a75e - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - commit 05445b7 - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - Refresh patches.suse/Input-xpad-add-PXN-V900-support.patch. - commit a3a5e84 - Revert "i2c: pxa: move to generic GPIO recovery" (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - pwm: Fix double shift bug (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amdgpu: don't use ATRM for external devices (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - wifi: ath10k: Don't touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - commit 9bb6805 - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - commit 806162c - netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one (CVE-2023-39197 bsc#1216976). - commit b489a86 - Update upstream references (add CVE-2023-4244 bsc#1215420) - patches.kabi/kabi-hide-changes-in-struct-nft_set.patch - patches.suse/netfilter-nf_tables-GC-transaction-API-to-avoid-race.patch - patches.suse/netfilter-nf_tables-GC-transaction-race-with-abort-p.patch - patches.suse/netfilter-nf_tables-GC-transaction-race-with-netns-d.patch - patches.suse/netfilter-nf_tables-fix-GC-transaction-races-with-ne.patch - patches.suse/netfilter-nf_tables-fix-kdoc-warnings-after-gc-rewor.patch - patches.suse/netfilter-nf_tables-use-correct-lock-to-protect-gc_l.patch - commit fee74b6 - blacklist.conf: non-trivial dependencies (bsc#1216105) - commit b8ada5d - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - commit 1f9716b - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - commit 1a12a29 - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - commit c32f016 - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - commit 71adc5d - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - hv: simplify sysctl registration (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - commit be51c3e - Update patches.suse/net-usb-lan78xx-reorder-cleanup-operations-to-avoid-.patch (bsc#1217068 CVE-2023-6039). Update reference. Bug retroactively declared a security issue. - commit 867c96b - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - commit bbb7bfb - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - commit 85f31b8 - net: mana: Fix return type of mana_start_xmit() (git-fixes). - commit 9a9e0ef - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - commit 77def7a - Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable] - commit 56a2c2f - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - blk-mq: Don't clear driver tags own mapping (bsc#1217366). - commit dfa78ac - kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058 CVE-2023-45863). - commit 40e4871 - rpm: Define git commit as macro - commit bcc92c8 - kernel-source: Move provides after sources - commit dbbf742 - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - commit 04adf1c - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - Refresh patches.suse/drm-bridge-lt8912b-Add-hot-plug-detection.patch. - commit 44c514b - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - Refresh patches.suse/drm-bridge-tc358768-always-enable-HS-video-mode.patch. - Refresh patches.suse/drm-bridge-tc358768-fix-TCLK_TRAILCNT-computation.patch. - commit 1bb57d4 - platform/x86: wmi: remove unnecessary initializations (git-fixes). - Refresh patches.suse/platform-x86-wmi-use-bool-instead-of-int.patch. - commit 9e3bd62 - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - Fix termination state for idr_for_each_entry_ul() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Revert "Don't restart communication if not necessary" (git-fixes). - HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - commit ff3b9ac - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - commit fe6b179 - Update patches.suse/vringh-don-t-use-vringh_kiov_advance-in-vringh_iov_x.patch (git-fixes, bsc#1215710, CVE-2023-5158). - commit aba4986 - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - commit 4fa67bc - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - commit 705073c - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - commit 1330336 - net: fix use-after-free in tw_timer_handler (bsc#1217195). - commit 797642c - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - commit 293b1d2 - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - commit e571a42 - blacklist.conf: fix for only partially backported commit - commit f8344aa - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - Update config files. - supported.conf: marked idpf supported - commit 8518538 - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - docs: net: use C syntax highlight in driver.rst (bsc#1215458). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - Documentation: networking: correct possessive "its" (bsc#1215458). - commit 0dd7c0b - blacklist.conf: Add 2ef269ef1ac0 cgroup/cpuset: Free DL BW in case can_attach() fails - commit 635fb82 - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - commit 36a063a - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - commit 7802965 - arm64: armv8_deprecated: fix unused-function error (git-fixes) - commit 8a9ffd3 - arm64: Add Cortex-A520 CPU part definition (git-fixes) - commit ec1fe6f - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - commit bff85fe - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - commit 5802265 - arm64: armv8_deprecated move emulation functions (git-fixes) - commit cb05023 - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - commit 3a9b307 - arm64: rework EL0 MRS emulation (git-fixes) - commit 9ce6c60 - arm64: factor insn read out of call_undef_hook() (git-fixes) - commit 6831136 - arm64: factor out EL1 SSBS emulation hook (git-fixes) - commit c8a644d - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - commit de48edd - arm64: allow kprobes on EL0 handlers (git-fixes) - commit c9ac567 - arm64: rework BTI exception handling (git-fixes) - commit f21a31f - arm64: rework FPAC exception handling (git-fixes) - commit da959d5 - arm64: consistently pass ESR_ELx to die() (git-fixes) - commit b804637 - arm64: die(): pass 'err' as long (git-fixes) - commit bac59fc - arm64: report EL1 UNDEFs better (git-fixes) - commit 0e93130 - nvme: update firmware version after commit (bsc#1215292). - commit 1d3b546 - rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE Not supported by our compiler. - commit eb32b5a - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - commit 651d5ec - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - commit aa2ec99 - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - commit b3d336b - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - commit f15e0fe - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - commit d8f4afa - net: Avoid address overwrite in kernel_connect (bsc#1216861). - commit 39cb2fd - igb: set max size RX buffer when store bad packet is enabled (bsc#1216259 CVE-2023-45871). - commit 15c91c9 - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - Revert "mmc: core: Capture correct oemid-bits for eMMC cards" (git-fixes). - mmc: vub300: fix an error code (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - commit ba5a839 - perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717). - commit 90eeaff - perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717). Implement KABI fix for above - commit 6ca2dbc - Update patch reference for QXL fix (CVE-2023-39198 bsc#1216965) - commit d6014b6 - Add tag to patches.suse/RDMA-irdma-Prevent-zero-length-STAG-registration.patch (git-fixes CVE-2023-25775). - commit 3c6e962 - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - Refresh patches.suse/can-isotp-isotp_sendmsg-fix-return-error-fix-on-TX-p.patch. - commit b988ee1 - can: isotp: split tx timer into transmission and timeout (git-fixes). - commit 65b452a - can: isotp: fix tx state handling for echo tx processing (git-fixes). - commit 9db78d6 - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - Refresh patches.suse/can-isotp-set-default-value-for-N_As-to-50-micro-sec.patch. - commit 6c424b2 - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - commit d668003 - regmap: prevent noinc writes from clobbering cache (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - commit afd2c59 - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - commit b662ba0 - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - commit 02f7309 - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial cards" (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - commit 9eaffc2 - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - commit 32900e8 - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: pwm: Don't disable the PWM when the LED should be off (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: keystone: Don't discard .probe() callback (git-fixes). - PCI: keystone: Don't discard .remove() callback (git-fixes). - PCI: exynos: Don't discard .remove() callback (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - commit ee1f9b6 - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - drm/vc4: fix typo (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - commit 811f56a - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - gpio: mockup: remove unused field (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - thermal: core: prevent potential string overflow (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: dev: can_restart(): don't crash kernel if carrier is OK (git-fixes). - can: sja1000: Fix comment (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - commit 23d4c08 - rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes to fix build on x86_32. There was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/ So carry this in IGNORED_CONFIGS_RE instead. - commit 7acca37 - io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid (bsc#1216693 CVE-2023-46862). - commit 7e92d76 - blacklist.conf: Add d243b34459ce kernel/fork: beware of __put_task_struct() calling context - commit 6b082e7 - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - commit adef0b8 - blacklist.conf: Add dc6e0818bc9a sched/cpuacct: Optimize away RCU read lock - commit 3d40657 - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - commit 589a255 - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - commit 7c87ee0 - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - commit b9734f1 - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - commit 4f89ad9 - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - commit 83c32c0 - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - commit 215ed36 - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - commit 4005ffa - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - treewide: Spelling fix in comment (git-fixes). - commit e69ab42 Package libhugetlbfs was updated: - Add libhugetlbfs-noexecstack.patch (bsc#1213639)- Increase buffer size in libhugetlbfs-increase-mount-buffer.patch as in the provided fix (bsc#1213639) - Add libhugetlbfs-increase-mount-buffer.patch for upstream issue gh#43 (boo#1216576, bsc#1213639) Package sqlite3 was updated: - Sync version 3.44.0 from Factory * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86. * Obsoletes sqlite-CVE-2022-46908.patch * Obsoletes sqlite-src-3390000-func7-pg-181.patch Package libstorage-ng was updated: - add support for MD RAID type LINEAR (bsc#1215022) new patch: + linear.patch Package suseconnect-ng was updated: - Update to version 1.4.0~git0.b0f7c25bfdfa * Added EULA display for addons (bsc#1170267) * Fix zypper argument for auto-agreeing licenses (bsc#1214781) * Enable building on SLE12 SP5 (jsc#PED-3179) - Update to version 1.3.0 * Track .changes file in git - Update to version 1.2.0~git0.abd0fec: * enhance docs for package testing * Fixed `provides` to work with yast2-registration on SLE15 < SP4 (bsc#1212799) * Improve error message if product set more than once Package libtirpc was updated: Package libxml2 was updated: - Security update: * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode() in tree.c - Added file libxml2-CVE-2023-45322.patch Package libzypp was updated: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) This limits the %transfiletrigger(postun|in) support in the default installer if --root is used (as described in bsc#1041742). The chrooted execution of the scripts in 'rpm --runposttrans' broke in rpm-4.18. It's expected to be fixed in rpm-4.19. Then we'll enable the feature again. - fix comment typo on zypp.conf (boo#1215979) - version 17.31.22 (22) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) Decide during installation whether rpm is capable of delayed %posttrans %transfiletrigger(postun|in) execution or whether we can just handle the packages %posttrans. On TW a delayed %transfiletrigger handling is possible since rpm-4.17. - Make sure the old target is deleted before a new one is created (bsc#1203760) - version 17.31.21 (22) Package psmisc was updated: Package python-psutil was updated: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - Refresh skip-obs.patch Package spacewalk-client-tools was updated: - version 4.3.17-1 * Update translation strings Package regionServiceClientConfigGCE was updated: - Update to version 4.0.1 (bsc#1217538) + Replace 130.211.242.136.pem and 130.211.88.88.pem certs expiring in 8 years and new length of 4096 These certs will replace the current certs that expire soon Package release-notes-susemanager was updated: - Update to SUSE Manager 4.3.10 * SUSE Linux Enterprise Server Micro 5.5 support * CLM filter by package build date * Enhanced Errata.getDetails API endpoint * CVEs fixed: CVE-2023-22644 * Bugs mentioned: bsc#1191143, bsc#1204235, bsc#1207012, bsc#1207532, bsc#1210928, bsc#1210930, bsc#1211355, bsc#1211560, bsc#1211649, bsc#1212695, bsc#1212904, bsc#1213469, bsc#1214186, bsc#1214471, bsc#1214601, bsc#1214759, bsc#1215209, bsc#1215514, bsc#1215949, bsc#1216030, bsc#1216041, bsc#1216085, bsc#1216128, bsc#1216380, bsc#1216506, bsc#1216555, bsc#1216690, bsc#1216754, bsc#1217038, bsc#1217223, bsc#1217224 Package runc was updated: - Update to runc v1.1.10. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.10>. Package 000release-packages:sle-module-basesystem-release was updated: Package 000release-packages:sle-module-containers-release was updated: Package 000release-packages:sle-module-public-cloud-release was updated: Package 000release-packages:sle-module-server-applications-release was updated: Package 000product:sle-module-suse-manager-server-release was updated: Package 000release-packages:sle-module-web-scripting-release was updated: Package spacecmd was updated: - version 4.3.25-1 * Update translation strings Package spacewalk-backend was updated: - version 4.3.25-1 * Use the new apache2-mod_wsgi package name * Set stricter file permissions for config file * Add table statistics and options to the support config database output * Add CLM data collection to spacewalk-debug * Add unique index for rhnpackagechangelogdata table Package spacewalk-web was updated: - version 4.3.36-1 * Safeguard request URLs against tempering (bsc#1216754) * Improve datetimepicker input formatting * Improve logging to better capture third-party library issues * Simplify and modernize password generation logic * Update webpack to 5.88.2 * Handle new message from subscription-matcher (bsc#1216506) * Add sanity checks for FQDNs in proxy configuration dialog * Add option to filter packages by build time in CLM (jsc#SUMA-282) Package spacewalk-java was updated: - version 4.3.69-1 * Include reboot_suggested and restart_suggested booleans in errata.getDetails API response * Fix filter ID comparison when attaching filters to a CLM project (bsc#1215949) * Fix validation of lists with empty defaults in formulas (bsc#1216555) * Safeguard request URLs against tempering (bsc#1216754) * Improved logging to better capture third-party library issues * Fix issue of non-installed package listed as errata package update candidates (bsc#1212904) * Fix issue with reporting database query pagination * Update tomcat jars to version greater than 9.0.75 * Fix notification messages email content (bsc#1216041) * Look for the PAYG CA certificate location in different order to find and import the correct one (bsc#1214759) * Sanitize token before logging it CVE-2023-22644 (bsc#1210930) * Use 600 permissions for logfiles CVE-2023-22644 (bsc#1210928) * Log potential sensitive information only in debug mode CVE-2023-22644 (bsc#1210928) * Add salt-api socket timeout to abort stuck taskomatic jobs (bsc#1211649) * Fix SLE-Micro PAYG detection * Wait for lock to execute SCC sync task (bsc#1216030) * Fix url pointing to SCC (bsc#1216690) * Prevent download when a PAYG Server is not compliant * Fix system.provisionSystem xmlrpc endpoint to calculate host properly (bsc#1215209) * Include "uuid" as system search xmlrpc results (bsc#1216380) * Prevent losing Remote Command action result if returned JSON cannot be parsed * Add PAYG info to UI and rest API * Add management restrictions to SUMA PAYG when dealing with BYOS instances when no SCC credentials are set. * Fix issue where bad SCC credentials were preventing other credentials to refresh (bsc#1211355) * Fix conversion to string if branchid is numeric in PXEEvent * Fix token validation for shared (public) child channels (bsc#1216128) * Prevent NPE in updateSystemInfo (bsc#1217224) * Update SCC REST call to register systems in bulk * Enhance hardware data sent to SCC by memory * Fix FQDN machine name mapping on proxy configuration * Fix NPE when creating PXE config for an unmanaged profile (bsc#1217223) * Add option to filter packages by build time in CLM (jsc#SUMA-282) * Consider server id when removing invalid erratas from rhnSet (bsc#1204235,bsc#1207012,bsc#1211560) * Fix createSystemRecord XML-RPC API call so the Cobbler UID is persisted (bsc#1207532) Package spacewalk-search was updated: - version 4.3.10-1 * Include "uuid" as system search result attribute (bsc#1216380) Package subscription-matcher was updated: - Version 0.33 * Added missing part numbers (bsc#1216506) * Ignored subscriptions without any associated products (bsc#1216506) * Updated guava to version 32.0 Package suse-build-key was updated: - replace libzypp-post-script based installation with a systemd timer and service. - suse-build-key-import.service - suse-build-key-import.timer Package susemanager-docs_en was updated: - Added SUSE Liberty Linux versions 7 and 8 to the supported features matrix in the Client Configuration Guide - Added support for SUSE Linux Enterprise Micro 5.5 and openSUSE Leap Micro 5.5 clients to the Installation and Upgrade Guide, and to the Client Configuration Guide - Updated Twitter handle reference in documentation user interface - Updated feature table and added legend in the Configuration Management section of the Client Configuration Guide - Fixed parameter name in the Register clients section of the Client Configuration Guide - Fixed links to HTML output of SUSE Linux Enterprise Server 15 SP4 documentation - Added note about using short hostname in the Quick Start: SAP guide (bsc#1212695) - Mentioned the option to install Prometheus on Retail branch servers (bsc#1191143) - Fixed link loop and clarified some server upgrade description details in the Installation and Upgrade Guide (bsc#1214471) - SUSE Manager 4.3 is based on SUSE Linux Enterprise 15 SP4; updated the installation procedure (bsc#1213469) Package susemanager-schema was updated: - version 4.3.22-1 * Drop special versioned schema files * Add unique index for rhnpackagechangelogdata table Package susemanager-sls was updated: - version 4.3.37-1 * Disable dnf_rhui_plugin as it breaks our susemanagerplugin (bsc#1214601) * Fix susemanagerplugin to not overwrite header fields set by other plugins * Let the dnf plugin log when a token was set * Retry loading of pillars from DB on connection error (bsc#1214186) * Recognize squashfs build results from kiwi (bsc#1216085) Package susemanager-sync-data was updated: - version 4.3.14-1 * Add SLES15 SP4 LTSS * Add ESPOS and LTSS for HPC 15 SP5 * Change OES version from 2023.4 to 23.4 (bsc#1215514) Package susemanager was updated: - version 4.3.33-1 * Add bootstrap repository data for SLE-Micro 5.5 (bsc#1217038) Package uyuni-reportdb-schema was updated: - version 4.3.8-1 * Provide reportdb upgrade schema path structure Package vim was updated: - Updated to version 9.0 with patch level 2103, fixes the following security problems * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969. * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed() * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103 Package yast2-storage-ng was updated: - New MdLevel value for linear RAIDs (bsc#1215022)- 4.4.46 Package zypper was updated: - Return 104 also if info suggests near matches (fixes #504)- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - Fix typo (fixes #484) - version 1.14.66 - Fix some typos and spelling errors found by Lintian (fixes #501) - Prefer unaliased `grep` to avoid unexpected/wrong completions. (#503) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) - Fix typo in changes file. - version 1.14.65 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://publiccloudimagechangeinfo.suse.com/google/suse-manager-server-4-3-byos-v20231214-x86-64/ Public Cloud Image Info https://www.suse.com/support/security/rating/ SUSE Security Ratings Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 apache2-mod_wsgi-4.7.1-150400.3.9.4 cloud-regionsrv-client-10.1.4-150400.1.1 cloud-regionsrv-client-plugin-gce-1.0.0-150400.1.1 containerd-1.7.8-150000.103.1 curl-8.0.1-150400.5.36.1 dracut-055+suse.351.g30f0cda6-150400.3.31.1 google-guest-configs-20230808.00-150400.13.6.1 gpg2-2.2.27-150300.3.8.1 groff-1.22.4-150400.5.2.1 javapackages-filesystem-6.2.0-150200.3.12.1 javapackages-tools-6.2.0-150200.3.12.1 kernel-default-5.14.21-150400.24.100.2 libcurl4-8.0.1-150400.5.36.1 libhugetlbfs-2.20-150000.3.8.1 libicu-suse65_1-65.1-150200.4.10.1 libicu65_1-ledata-65.1-150200.4.10.1 libpipeline1-1.4.1-150000.3.2.1 libsqlite3-0-3.44.0-150000.3.23.1 libstorage-ng-ruby-4.4.94-150400.3.3.1 libstorage-ng1-4.4.94-150400.3.3.1 libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 libtirpc-netconfig-1.3.4-150300.3.23.1 libtirpc3-1.3.4-150300.3.23.1 libxml2-2-2.9.14-150400.5.25.1 libxml2-tools-2.9.14-150400.5.25.1 libzypp-17.31.22-150400.3.43.1 man-2.7.6-150100.8.5.1 man-pages-4.16-150300.13.5.1 psmisc-23.0-150000.6.25.1 python3-libxml2-2.9.14-150400.5.25.1 python3-psutil-5.9.1-150300.3.6.1 python3-requests-2.25.1-150300.3.6.1 python3-spacewalk-client-tools-4.3.17-150400.3.21.6 regionServiceClientConfigGCE-4.0.1-150000.4.12.1 release-notes-susemanager-4.3.10-150400.3.93.1 runc-1.1.10-150000.55.1 screen-4.6.2-150000.5.5.1 spacecmd-4.3.25-150400.3.30.5 spacewalk-backend-4.3.25-150400.3.33.7 spacewalk-backend-app-4.3.25-150400.3.33.7 spacewalk-backend-applet-4.3.25-150400.3.33.7 spacewalk-backend-config-files-4.3.25-150400.3.33.7 spacewalk-backend-config-files-common-4.3.25-150400.3.33.7 spacewalk-backend-config-files-tool-4.3.25-150400.3.33.7 spacewalk-backend-iss-4.3.25-150400.3.33.7 spacewalk-backend-iss-export-4.3.25-150400.3.33.7 spacewalk-backend-package-push-server-4.3.25-150400.3.33.7 spacewalk-backend-server-4.3.25-150400.3.33.7 spacewalk-backend-sql-4.3.25-150400.3.33.7 spacewalk-backend-sql-postgresql-4.3.25-150400.3.33.7 spacewalk-backend-tools-4.3.25-150400.3.33.7 spacewalk-backend-xml-export-libs-4.3.25-150400.3.33.7 spacewalk-backend-xmlrpc-4.3.25-150400.3.33.7 spacewalk-base-4.3.36-150400.3.36.7 spacewalk-base-minimal-4.3.36-150400.3.36.7 spacewalk-base-minimal-config-4.3.36-150400.3.36.7 spacewalk-client-tools-4.3.17-150400.3.21.6 spacewalk-html-4.3.36-150400.3.36.7 spacewalk-java-4.3.69-150400.3.69.5 spacewalk-java-config-4.3.69-150400.3.69.5 spacewalk-java-lib-4.3.69-150400.3.69.5 spacewalk-java-postgresql-4.3.69-150400.3.69.5 spacewalk-search-4.3.10-150400.3.15.4 spacewalk-taskomatic-4.3.69-150400.3.69.5 sqlite3-3.44.0-150000.3.23.1 sqlite3-tcl-3.44.0-150000.3.23.1 subscription-matcher-0.33-150400.3.16.3 suse-build-key-12.0-150000.8.37.1 suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 susemanager-4.3.33-150400.3.42.4 susemanager-docs_en-4.3-150400.9.50.5 susemanager-docs_en-pdf-4.3-150400.9.50.5 susemanager-schema-4.3.22-150400.3.30.5 susemanager-schema-utility-4.3.22-150400.3.30.5 susemanager-sls-4.3.37-150400.3.37.5 susemanager-sync-data-4.3.14-150400.3.17.5 susemanager-tools-4.3.33-150400.3.42.4 system-group-hardware-20170617-150400.24.2.1 system-group-kvm-20170617-150400.24.2.1 system-group-wheel-20170617-150400.24.2.1 system-user-daemon-20170617-150400.24.2.1 system-user-lp-20170617-150400.24.2.1 system-user-mail-20170617-150400.24.2.1 system-user-man-20170617-150400.24.2.1 system-user-nobody-20170617-150400.24.2.1 system-user-wwwrun-20170617-150400.24.2.1 uyuni-reportdb-schema-4.3.8-150400.3.9.6 vim-9.0.2103-150000.5.57.1 vim-data-common-9.0.2103-150000.5.57.1 yast2-storage-ng-4.4.46-150400.3.19.1 zypper-1.14.66-150400.3.35.1 apache2-mod_wsgi-4.7.1-150400.3.9.4 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 cloud-regionsrv-client-10.1.4-150400.1.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 cloud-regionsrv-client-plugin-gce-1.0.0-150400.1.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 containerd-1.7.8-150000.103.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 curl-8.0.1-150400.5.36.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 dracut-055+suse.351.g30f0cda6-150400.3.31.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 google-guest-configs-20230808.00-150400.13.6.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 gpg2-2.2.27-150300.3.8.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 groff-1.22.4-150400.5.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 javapackages-filesystem-6.2.0-150200.3.12.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 javapackages-tools-6.2.0-150200.3.12.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 kernel-default-5.14.21-150400.24.100.2 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libcurl4-8.0.1-150400.5.36.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libhugetlbfs-2.20-150000.3.8.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libicu-suse65_1-65.1-150200.4.10.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libicu65_1-ledata-65.1-150200.4.10.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libpipeline1-1.4.1-150000.3.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libsqlite3-0-3.44.0-150000.3.23.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libstorage-ng-ruby-4.4.94-150400.3.3.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libstorage-ng1-4.4.94-150400.3.3.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libtirpc-netconfig-1.3.4-150300.3.23.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libtirpc3-1.3.4-150300.3.23.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libxml2-2-2.9.14-150400.5.25.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libxml2-tools-2.9.14-150400.5.25.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 libzypp-17.31.22-150400.3.43.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 man-2.7.6-150100.8.5.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 man-pages-4.16-150300.13.5.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 psmisc-23.0-150000.6.25.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 python3-libxml2-2.9.14-150400.5.25.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 python3-psutil-5.9.1-150300.3.6.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 python3-requests-2.25.1-150300.3.6.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 python3-spacewalk-client-tools-4.3.17-150400.3.21.6 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 regionServiceClientConfigGCE-4.0.1-150000.4.12.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 release-notes-susemanager-4.3.10-150400.3.93.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 runc-1.1.10-150000.55.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 screen-4.6.2-150000.5.5.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacecmd-4.3.25-150400.3.30.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-app-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-applet-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-config-files-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-config-files-common-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-config-files-tool-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-iss-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-iss-export-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-package-push-server-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-server-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-sql-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-sql-postgresql-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-tools-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-xml-export-libs-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-backend-xmlrpc-4.3.25-150400.3.33.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-base-4.3.36-150400.3.36.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-base-minimal-4.3.36-150400.3.36.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-base-minimal-config-4.3.36-150400.3.36.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-client-tools-4.3.17-150400.3.21.6 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-html-4.3.36-150400.3.36.7 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-java-4.3.69-150400.3.69.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-java-config-4.3.69-150400.3.69.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-java-lib-4.3.69-150400.3.69.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-java-postgresql-4.3.69-150400.3.69.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-search-4.3.10-150400.3.15.4 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 spacewalk-taskomatic-4.3.69-150400.3.69.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 sqlite3-3.44.0-150000.3.23.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 sqlite3-tcl-3.44.0-150000.3.23.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 subscription-matcher-0.33-150400.3.16.3 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 suse-build-key-12.0-150000.8.37.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-4.3.33-150400.3.42.4 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-docs_en-4.3-150400.9.50.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-docs_en-pdf-4.3-150400.9.50.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-schema-4.3.22-150400.3.30.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-schema-utility-4.3.22-150400.3.30.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-sls-4.3.37-150400.3.37.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-sync-data-4.3.14-150400.3.17.5 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 susemanager-tools-4.3.33-150400.3.42.4 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-group-hardware-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-group-kvm-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-group-wheel-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-user-daemon-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-user-lp-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-user-mail-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-user-man-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-user-nobody-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 system-user-wwwrun-20170617-150400.24.2.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 uyuni-reportdb-schema-4.3.8-150400.3.9.6 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 vim-9.0.2103-150000.5.57.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 vim-data-common-9.0.2103-150000.5.57.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 yast2-storage-ng-4.4.46-150400.3.19.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 zypper-1.14.66-150400.3.35.1 as a component of Public Cloud Image google/suse-manager-server-4-3-byos-v20231214-x86-64 SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 important A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. CVE-2023-2006 important Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-2137 important An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4. CVE-2023-22644 moderate Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVE-2023-25775 moderate An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. CVE-2023-39197 low A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. CVE-2023-39198 important A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. CVE-2023-4244 moderate ** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." CVE-2023-45322 moderate An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. CVE-2023-45863 moderate An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 moderate This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. CVE-2023-46218 moderate When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. CVE-2023-46219 low Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. CVE-2023-46246 low An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. CVE-2023-46862 moderate A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor. CVE-2023-5158 moderate Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVE-2023-5344 low NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVE-2023-5441 moderate Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVE-2023-5535 important A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. CVE-2023-5717 important A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. CVE-2023-6039 moderate A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. CVE-2023-6176 important