SUSE-IU-2024:30-1 SUSE Image security@suse.de SUSE Security Team SUSE Image SUSE-IU-2024:30-1 Interim 1 1 2024-10-26T10:24:25Z current 2024-01-25T01:00:00Z 2024-01-25T01:00:00Z cve-database/bin/generate-cvrf-publiccloud.pl 2021-02-18T01:00:00Z Image update for SUSE-IU-2024:30-1 / google/sles-12-sp5-byos-v20240125-x86-64 This image update for google/sles-12-sp5-byos-v20240125-x86-64 contains the following changes: Package wget was updated: - Fixed the failure to detect SSL handshake timeout [bsc#1217717, wget-add-support-for-timeout-with-ssl.patch, wget-gnutls-honor-connect-timeout.patch] - Fixed Host name when CONNECT is used [bsc#1213898, wget-http-specify-Host-when-CONNECT-is-used.patch] Package yast2-samba-client was updated: - Use translation macro for range settings expert details text; (bsc#1197936). - 3.1.24 Package grub2 was updated: - Fix CVE-2023-4692 (bsc#1215935)- Fix CVE-2023-4693 (bsc#1215936) * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch * 0006-fs-ntfs-Make-code-more-readable.patch - Bump upstream SBAT generation to 4 - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) (bsc#1215382) - Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) * 0001-Workaround-volatile-efi-boot-variable.patch - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064) (bsc#1209234) * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch - Fix installation over serial console ends up in infinite boot loop (bsc#1187810) (bsc#1209667) (bsc#1209372) * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * grub2-btrfs-05-grub2-mkconfig.patch Package supportutils-plugin-suse-public-cloud was updated: - Update to version 1.0.8 (bsc#1213951) + Capture CSP billing adapter config and log (issue#13) + Accept upper case Amazon string in DMI table (issue#12) - Update to version 1.0.7 (bsc#1209026) + Include information about the cached registration data + Collect the data that is sent to the update infrastructure during registration Package zlib was updated: - Fix CVE-2023-45853, integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6, bsc#1216378 * CVE-2023-45853.patch - Fix deflateBound() before deflateInit(), bsc#1210593 bsc1210593.patch - Add DFLTCC support for using inflate() with a small window, fixes bsc#1206513 * bsc1206513.patch Package binutils was updated: - Update to version 2.41 [PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: - Zicond (conditional zero instructions) - Zfa (additional floating-point instructions) - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: - XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs &lt;PATTERN&gt;=&lt;FILE&gt; to relace any input file that matches &lt;PATTERN&gt; with &lt;FILE&gt;. In addition the option --remap-inputs-file=&lt;FILE&gt; can be used to specify a file containing any number of these remapping directives. * The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ &quot;string&quot; This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. - Removed obsolete patches: binutils-2.40-branch.diff.gz, riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch, extensa-gcc-4_3-fix.diff . - Add binutils-2.41-branch.diff.gz . - Add binutils-old-makeinfo.diff for SLE-12 and older. - Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff . - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 * bsc#1214619 aka CVE-2022-48064 aka PR29922 * bsc#1214620 aka CVE-2022-48063 aka PR29924 * bsc#1214623 aka CVE-2022-47696 aka PR29677 * bsc#1214624 aka CVE-2022-47695 aka PR29846 * bsc#1214625 aka CVE-2022-47673 aka PR29876 - Add binutils-disable-dt-relr.sh for an compatibility problem caused by binutils-revert-rela.diff in SLE codestreams. Needed for update of glibc as that would otherwise pick up the broken relative relocs support. [bsc#1213282, PED-1435] - This only existed only for a very short while in SLE-15, as the main variant in devel:gcc subsumed this in binutils-revert-rela.diff. Hence: - Remove binutils-disable-dt-relr.sh as subsumed. - riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR ld/25694 - riscv-pr22263-1.patch: Backport for PR ld/22263 - Rebase branch patch (includes fix for PR30281). - Document fixed CVEs: * bnc#1208037 aka CVE-2023-25588 aka PR29677 * bnc#1208038 aka CVE-2023-25587 aka PR29846 * bnc#1208040 aka CVE-2023-25585 aka PR29892 * bnc#1208409 aka CVE-2023-0687 aka PR29444 - Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets. - Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556] - Disable ZSTD debug section compress by default. - Enable zstd compression algorithm (instead of zlib) for debug info sections by default. - Pack libgprofng only for supported platforms. - Remove upstreamed patch binutils-maxpagesize.diff. - Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043. - Move libgprofng-related libraries to the proper locations (packages). - Add --without=bootstrap for skipping of bootstrap (faster testing of the package). - Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515] - Update to version 2.40: * Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown). * Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default. * DCO signed contributions are now accepted. * objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * addr2line and objdump --dwarf now support zstd compressed debug sections. * The dlltool program now accepts --deterministic-libraries and - -non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured. * readelf and objdump now have a newly added option --sframe which dumps the SFrame section. * Add support for Intel RAO-INT instructions. * Add support for Intel AVX-NE-CONVERT instructions. * Add support for Intel MSRLIST instructions. * Add support for Intel WRMSRNS instructions. * Add support for Intel CMPccXADD instructions. * Add support for Intel AVX-VNNI-INT8 instructions. * Add support for Intel AVX-IFMA instructions. * Add support for Intel PREFETCHI instructions. * Add support for Intel AMX-FP16 instructions. * gas now supports --compress-debug-sections=zstd to compress debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1. * Add support for the RISC-V Zawrs extension, version 1.0-rc4. * Add support for Cortex-X1C for Arm. * New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets. * The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings. * ld now supports zstd compressed debug sections. The new option - -compress-debug-sections=zstd compresses debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Remove support for -z bndplt (MPX prefix instructions). - Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff, cross-avr-size.patch. - Removed patch: binutils-pr29482.diff. - New patch: extensa-gcc-4_3-fix.diff. - Includes fixes for these CVEs: * bnc#1206080 aka CVE-2022-4285 aka PR29699 - Enable by default: --enable-colored-disassembly. - fix build on x86_64_vX platforms Package openssh was updated: - Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795). This mitigates a prefix truncation attack that could be used to undermine channel security. - Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if requested to load a PKCS#11 provider that isnt a PKCS#11 provider (bsc#1213504,CVE-2023-38408) - Add conflicts with openssh8.4-(server|clients|common) packages to make the downgrading from openssh 8.4 back to 7.2 easier (SLE-24929, bsc#1201750) - Minor reformatting of the spec file by spec-cleaner Package python-chardet was updated: Package zypper was updated: - Backport needs-rebooting command from Code15 (bsc#1217948)- BuildRequires: libzypp-devel &gt;= 16.22.11. - version 1.13.65 - Add expert (allow-*) options to all installer commands (bsc#428822) - version 1.13.64 - Provide &quot;removeptf&quot; command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. But you don't want the dependant packages to be removed together with the PTF, which is what the remove command would do. The removeptf command however will aim to replace the dependant packages by their official update versions. - BuildRequires: libzypp-devel &gt;= 16.22.6. - version 1.13.63 Package yast2-registration was updated: - Switch to the new SUSEConnect-ng (bsc#1212799), includes additional fixes: - SSL reload fix (bsc#1195220) - Detection of base products coming from SCC (bsc#1194989, bsc#1217317) - 3.3.2 Package glibc was updated: - gai-merge-continue-actions.patch: Simplify allocations and fix merge and continue actions (CVE-2023-4813, bsc#1215286, BZ #28931) - s390-nl-current-lc-foo-used.patch: S390: Fix relocation of _nl_current_LC_CATETORY_used in static build (bsc#1215504, BZ #19860) - gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) Package libxml2 was updated: - Security update: * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode() in tree.c - Added file libxml2-CVE-2023-45322.patch - Security update: * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global buffer overflow - Added file libxml2-CVE-2023-39615.patch - Security update: * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings isn't deterministic - Added patch libxml2-CVE-2023-29469.patch * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in xmlSchemaFixupComplexType - Added patch libxml2-CVE-2023-28484-1.patch - Added patch libxml2-CVE-2023-28484-2.patch Package libX11 was updated: - U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch * CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms() (boo#1215683) * CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() (boo#1215684) * CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow (boo#1215685) - U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138) Package perl-Bootloader was updated: - merge gh#openSUSE/perl-bootloader#152- use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - check whether grub2-install supports --suse-force-signed option - 0.944 - merge gh#openSUSE/perl-bootloader#147 - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - 0.943 - merge gh#openSUSE/perl-bootloader#142 - use fw_platform_size to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - 0.942 - merge gh#openSUSE/perl-bootloader#141 - systemd-boot: easier initial setup - 0.941 - merge gh#openSUSE/perl-bootloader#140 - add basic support for systemd-boot - 0.940 - merge gh#openSUSE/perl-bootloader#139 - fix sysconfig parsing (bsc#1198828) - 0.939 - merge gh#openSUSE/perl-bootloader#138 - grub2/install: reset error code when passing through recover code (bsc#1198197) - 0.938 - merge gh#openSUSE/perl-bootloader#137 - grub2 install: Support secure boot on powerpc (bsc#1192764 jsc#SLE-18271). - 0.937 - merge gh#openSUSE/perl-bootloader#136 - report error if config file could not be updated (bsc#1188768) - 0.936 - merge gh#openSUSE/perl-bootloader#135 - fix typo in update-bootloader - 0.935 - merge gh#openSUSE/perl-bootloader#134 - install with --removable if efivars are not writable (bsc#1182749, bsc#1174111, bsc#1184160) - fix whitespace - 0.934 - merge gh#openSUSE/perl-bootloader#133 - use shim on aarch64 (jsc#SLE-15823, jsc#SLE-15020) - 0.933 - merge gh#openSUSE/perl-bootloader#131 - grub2 install: honor UPDATE_NVRAM in /etc/sysconfig/bootloader (bsc#1157550 jsc#SLE-11500). - 0.932 - merge gh#openSUSE/perl-bootloader#129 - Check tpm.mod in the new grub2 directory (bsc#1174320) - 0.931 - merge gh#openSUSE/perl-bootloader#130 - Throw less warnings about fstab - 0.930 - merge gh#openSUSE/perl-bootloader#128 - Do not warn about missing SECURE_BOOT sysconfig - 0.929 - merge gh#openSUSE/perl-bootloader#127 - use correct target name on aarch64 (bsc#1172293) - 0.928 - merge gh#openSUSE/perl-bootloader#126 - always install EFI fallback boot for aarch64 (bsc#1167015) - 0.927 - merge gh#openSUSE/perl-bootloader#123 - Accept sysconfig values without quotes - 0.926 - merge gh#openSUSE/perl-bootloader#122 - Replace --suse-signed-grub by --suse-force-signed to follow update from boo#1136601 - 0.925 - merge gh#openSUSE/perl-bootloader#121 - Fix secureboot on aarch64 (boo#1136601) - [RFC] Fix secureboot on aarch64 (boo#1136601) - 0.924 Package patterns-sles was updated: - Require kmod-compat rather than kmod. It's kmod-compat that has the tools used by the kernel and scripts (bsc#1215533). Package supportutils was updated: - Changes in version 3.0.12 + Optimize lsof usage (bsc#1183663) + Collects ntp or chrony as needed (bsc#1196293) - Added email.txt based on OPTION_EMAIL - Added run time detection (bsc#1213127) - Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Changed _sanitize_file to include lio_setup.sh (bsc#1206350) Package gawk was updated: - format-tree-positional-arg.patch: Validate index into argument list (CVE-2023-4156, bsc#1214025) Package tar was updated: - Fix CVE-2023-39804, Incorrectly handled extension attributes in PAX archives can lead to a crash, bsc#1217969 * fix-CVE-2023-39804.patch Package python-requests was updated: - Add CVE-2023-32681.patch to fix unintended leak of Proxy-Authorization header (CVE-2023-32681, bsc#1211674) Upstream commit: gh#psf/requests@74ea7cf7a6a2 Package python3-requests was updated: - Add CVE-2023-32681.patch to fix unintended leak of Proxy-Authorization header (CVE-2023-32681, bsc#1211674) Upstream commit: gh#psf/requests@74ea7cf7a6a2 Package glib2 was updated: - Update glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix regression on s390x. (bsc#1210135, glgo#GNOME/glib!2978) - Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix normal form handling in GVariant. (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713, glgo#GNOME/glib!3125) Package shim was updated: - add CVE number against bsc# + (bsc#1198458, CVE-2022-28737) - Update shim to 15.7-150300.4.11.1 from SLE15-SP3 + Version: 15.7, &quot;Thu Mar 17 2023&quot; + Update the SLE signatures + Include the fixes for bsc#1205588, bsc#1202120, bsc#1201066, bsc#1198458, bsc#1198101, bsc#1193315, bsc#1193282 Package nfs-utils was updated: - Add 0207-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch Inconsistencies in /etc/exports shouldn't be fatal. (bsc#1212594) - 0206-gssd-Fix-inner-loop-variable-reuse.patch Fix for previous patch (bsc#1210136) - 0205-nfsd.man-fix-typo-in-section-on-scope.patch bsc#1209859 Package ncurses was updated: - Add patch bsc1218014-cve-2023-50495.patch * Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify patch ncurses-6.1.dif * Secure writing terminfo entries by setfs[gu]id in s[gu]id (boo#1210434, CVE-2023-29491) * Reading is done since 2000/01/17 Package sqlite3 was updated: - Sync version 3.44.0 from Factory * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86. * Obsoletes sqlite-CVE-2022-46908.patch * Obsoletes sqlite-src-3390000-func7-pg-181.patch Package python36 was updated: - Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217) - Add 99366-patch.dict-can-decorate-async.patch fixing gh#python/cpython#98086 (backport from Python 3.10 patch in gh#python/cpython!99366), fixing bsc#1211158. - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706). - Use python3 modules to build the documentation. Package insserv-compat was updated: - remove not needed named entry from insserv.conf (bsc#1052837, bsc#1212955) Package libcap was updated: - Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch Package rsyslog was updated: - fix rsyslog crash in imrelp (bsc#1210286) * add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch Package procps was updated: - Add patch bsc1216825.patch Avoid SIGSEGV in case of sending SIGTERM to a top command running in batch mode (bsc#1216825) - Update legacy pmap to know about new ProtectionKey in smaps - Add patch CVE-2023-4016.patch * CVE-2023-4016: ps buffer overflow (bsc#1214290) Package permissions was updated: - Update to version 20170707: * mariadb: settings for new auth_pam_tool (bsc#1160285) Package dracut was updated: - fix(dracut): do not read /proc/modules to get the host modules (bsc#1210910) * add 0634-fix-dracut-do-not-read-proc-modules-to-get-the-host-.patch - fix handling of omit_dracutmodules parameter (bsc#1208929) * add 0633-fix-dracut.sh-omission-is-an-addition-to-other-omiss.patch Package google-osconfig-agent was updated: - Update to version 20230706.02 (bsc#1212418, bsc#1212759) * Update go version in go.mod (#479) - from version 20230706.01 * Fix condition to have 10 attempts rather than 11. (#477) - from version 20230706.00 * Remove tests for Ubuntu 18.04 (EOL) (#476) - from version 20230605.00 * Update old SLES images paths (#475) - from version 20230602.00 * Adding what exit codes mean for OS Config policy (#474) - from version 20230504.00 * Set DEBIAN_FRONTEND=noninteractive for apt-get (#472) - from version 20230403.00 * Disable repos clean-up (#471) - from version 20230330.00 * Revert &quot;Call FQDN (#454)&quot; (#470) - from version 20230327.00 * support new format of zypper patch (#469) * Fix comparing exec.Cmd in mock on Go1.20 - from version 20230316.00 * Remove old images from e2e tests image list - from version 20230227.01 * Update dependencies (#466) - from version 20230227.00 * Bump golang.org/x/sys from 0.0.0-20210923061019-b8560ed6a9b7 to 0.1.0 (#463) Package cryptsetup was updated: - luksFormat: Handle system with low memory and no swap space [bsc#1211079] * Check for physical memory available also in PBKDF benchmark. * Try to avoid OOM killer on low-memory systems without swap. * Use only half of detected free memory on systems without swap. * Add patches: - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch Package cronie was updated: - Let systemd finish jobs executed by cron after it gets killed, bsc#1211066 * cron.service Package kernel-default was updated: - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1218622). - commit 6c47e22 - smb: client: fix potential OOB in smb2_dump_detail() (bsc#1217946 CVE-2023-6610). - commit 74aafd7 - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1202095 CVE-2022-2586). - commit 32951b9 - netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1202095 CVE-2022-2586). - commit d107d27 - netfilter: preserve KABI for struct nft_set (bsc#1202095 CVE-2022-2586). - commit b3d22c5 - netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (bsc#1202095 CVE-2022-2586). - commit 61a0caa - Resolve build warnings from previous series due to missing commit for Ice Lake freerunning counters perf/x86/intel/uncore: Add box_offsets for free-running counters (jsc#PED-5023 bsc#1211439). - commit 8524ea3 - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg (CVE-2023-51779 bsc#1218559). - commit f63e944 - blacklist.conf: update blacklist - commit 6de7142 - xhci: Clear EHB bit only at end of interrupt handler (git-fixes). - commit 21f5e35 - usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes). - commit d5b5186 - MyBS: Workaround for kernel-obs-build build failure (JSC-SLE#5501, boo#1211226, bsc#1218184) kernel-obs-build needs root for build. This is in some way enabled for the package link case but not for multibuild case. As a workaround add the allowrootforbuild flag to prjconf for multibuild. - commit 71a32af - md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes). - commit c63e55d - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm verity: don't perform FEC for failed readahead IO (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - md/raid1: hold the barrier until handle_read_error() finishes (git-fixes). - md/raid1: free the r1bio before waiting for blocked rdev (git-fixes). - md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes). - md: restore 'noio_flag' for the last mddev_resume() (git-fixes). - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - md/raid0: add discard support for the 'original' layout (git-fixes). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - nbd: Add the maximum limit of allocated index in nbd_dev_add (git-fixes). - nbd: Fix debugfs_create_dir error checking (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm flakey: don't corrupt the zero page (git-fixes). - dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes). - commit 640b528 - Previous perf cve-4.12-&gt;SLE12-SP5 manual merge was incorrect. Fix. - Refresh patches.suse/perf-Fix-perf_event_validate_size-lockdep-splat.patch. - Refresh patches.suse/perf-Fix-perf_event_validate_size.patch. - commit 3382aa6 - MyBS: Fix the logic of the wipe conditional. - with no_init specified leave the built packages - with multibuild the package may be present even if build is not enabled, delete anyway - commit 9c2f303 - mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files. - commit f734347 - Build in the correct KOTD repository with multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184) With multibuild setting repository flags is no longer supported for individual spec files - see https://github.com/openSUSE/open-build-service/issues/3574 Add ExclusiveArch conditional that depends on a macro set up by bs-upload-kernel instead. With that each package should build only in one repository - either standard or QA. Note: bs-upload-kernel does not interpret rpm conditionals, and only uses the first ExclusiveArch line to determine the architectures to enable. - commit aa5424d - bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184) - strip package name prefix when recording results - add package prefix to linked packages - when _multibuild file is present do not link packages - use onlybuild BuildFlag for limiting build to specific packages - generate is_kotd_qa macro in project config that can be used to determine if the package is built in the QA repository This is _very_ convoluted. No shell or lua tools can be used because this information needs to be available to the OBS to schedule the package in the correct repository, and it does not run scripts. The builtin sub macro for slicing strings causes a build error - it expanded correctly by the scheduler but not available at package build time. If conditional cannot be used because rpm macros from project config are added to a macro include file, and those do not support conditionals. That leaves the option to use an expression that explicitly enumerates all QA repository names. This requires unusal and convoluted check in the spec file to make use of. - commit 747f601 - MyBS: create_package: Specify package should build in QA repository by argument (JSC-SLE#5501, boo#1211226, bsc#1218184) Drop the unused title and description arguments, move the package name match to upload_package and pass teh result, add additional argument for multibuild. - commit a355e71 - bs-upload-kernel: Wipe kernel-obs-build before upload (JSC-SLE#5501, boo#1211226, bsc#1218184) The kernel upload takes long enough for packages to start building during the upload. If the project contains kernel-obs-build binary that crashes on boot builds fail as a result. Wipe kernel-obs-build before the upload. Handle the case when the package does not exist yet by ignoring the error. - commit cdac4cc - bs-upload-kernel: Use one package list (JSC-SLE#5501, boo#1211226, bsc#1218184) There were ultiple package lists passed to upload_package supporting the distinction between package names starting with kernel- which can be individually selected for build, and other packages. Pass only one package list to simplify the logic and make it possible to know the full package list before doing the upload. - commit ec941eb - bs-upload-kernel: Support package limit for non-kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184) The -f option of the bs-upload-kernel script adds kernel- prefix unconditionally the package name. List all spec files in the uploaded directory, and check if the package exists with or without the kernel- prefix. - commit 354b77b - bs-upload-kernel: Drop BS_SUFFIX (JSC-SLE#5501, boo#1211226, bsc#1218184) BS_SUFFIX was used by SLE12 SP1 for Arm. This release is no longer maintained, and this feature gets no testing. Substantial changes to this script are required, and it's unlikely this feture would keep working after that. - commit e27b306 - blacklist.conf: Add 1ca0b6051505 cgroup: Remove duplicates in cgroup v1 tasks file - commit a77e914 - blacklist.conf: add non-backport commits of git-fixes - commit 4d91f49 - blacklist.conf: change to logging only - commit a144be1 - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes). - commit 0feae40 - Fix termination state for idr_for_each_entry_ul() (bsc#1109837). - commit d343735 - Bluetooth: avoid memcmp() out of bounds warning (bsc#1215237 CVE-2020-26555). - Bluetooth: hci_event: Fix coding style (bsc#1215237 CVE-2020-26555). - Bluetooth: hci_event: Fix using memcmp when comparing keys (bsc#1215237 CVE-2020-26555). - commit eb3189f - Bluetooth: Reject connection with the device which has same BD_ADDR (bsc#1215237 CVE-2020-26555). - commit fea8835 - Bluetooth: hci_event: Ignore NULL link key (bsc#1215237 CVE-2020-26555). - commit c0e1033 - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix IIO event constraints for Snowridge (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32 (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix oops when counting IMC uncore events on some TGL (jsc#PED-5023 bsc#1211439 (git-fixes)). - perf/x86/intel/uncore: Fix missing marker for snr_uncore_imc_freerunning_events (jsc#PED-5023 bsc#1211439 (git-fixes)). - commit 1cc4e6d - perf: Fix perf_event_validate_size() lockdep splat (CVE-2023-6931 bsc#1218258). - perf: Fix perf_event_validate_size() (CVE-2023-6931 bsc#1218258). - commit 6cfe60a - smb: client: fix OOB in smbCalcSize() (bsc#1217947 CVE-2023-6606). - commit d398d5f - smb: client: fix OOB in smbCalcSize() (bsc#1217947 CVE-2023-6606). - commit 6765acb - perf/x86/intel/uncore: Add Rocket Lake support (jsc#PED-5023 bsc#1211439). - commit 60ab65b - perf/x86/msr: Add Rocket Lake CPU support (jsc#PED-5023 bsc#1211439). - commit fac3f56 - perf/x86/msr: Add Tiger Lake CPU support (jsc#PED-5023 bsc#1211439). - commit 7c0409f - perf/x86/cstate: Add Rocket Lake CPU support (jsc#PED-5023 bsc#1211439). - commit f918ead - perf/x86/cstate: Add Tiger Lake CPU support (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit c544da1 - perf/x86/intel: Add Rocket Lake CPU support (jsc#PED-5023 bsc#1211439). - commit 5b98b63 - perf/x86/intel: Add Tiger Lake CPU support (jsc#PED-5023 bsc#1211439). - commit 0e12a3f - perf/x86/intel: Fix Ice Lake event constraint table (jsc#PED-5023 bsc#1211439). - commit cd283d5 - perf/x86/intel/uncore: Update Ice Lake uncore units (jsc#PED-5023 bsc#1211439). - commit 0e10240 - perf/x86/intel/uncore: Split the Ice Lake and Tiger Lake MSR uncore support (jsc#PED-5023 bsc#1211439). - commit 9c5fb1a - x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (jsc#PED-5023 bsc#1211439). - blacklist.conf: - commit 2561a0a - perf/x86/intel/uncore: Add Comet Lake support (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit 2e1087f - x86/cpu: Add Sapphire Rapids CPU model number (jsc#PED-5023 bsc#1211439). - commit 5b5d85f - perf/x86/rapl: Add Ice Lake RAPL support (jsc#PED-5023 bsc#1211439). - commit c6183ea - perf/x86/intel/uncore: Add Ice Lake server uncore support (jsc#PED-5023 bsc#1211439). - commit 4150606 - perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (jsc#PED-5023 bsc#1211439). - commit c73e167 - perf/x86: Add Intel Tiger Lake uncore support (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. - Refresh patches.suse/x86-intel-aggregate-microserver-naming.patch. - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit f5492f0 - perf/x86/cstate: Update C-state counters for Ice Lake (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit fef0544 - perf/x86/msr: Add new CPU model numbers for Ice Lake (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-add-cannon-lake-to-retbleed-affected-cpu-list.patch. - Refresh patches.suse/x86-common-Stamp-out-the-stepping-madness.patch. - Refresh patches.suse/x86-intel-aggregate-microserver-naming.patch. - Refresh patches.suse/x86-speculation-Mark-all-Skylake-CPUs-as-vulnerable-to-GDS.patch. - Refresh patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch. - Refresh patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch. - Refresh patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch. - commit 68588a6 - perf/x86/msr: Add Comet Lake CPU support (jsc#PED-5023 bsc#1211439). - commit 2ec338b - x86/cpu: Add Comet Lake to the Intel CPU models header (jsc#PED-5023 bsc#1211439). - blacklist.conf: - commit bd3eac7 - x86/cpu: Add Tiger Lake to Intel family (jsc#PED-5023 bsc#1211439). - blacklist.conf: - Refresh patches.suse/x86-CPU-Add-Icelake-model-number.patch. - Refresh patches.suse/x86-cpu-sanitize-fam6_atom-naming.patch. - commit 45e2da6 - perf/x86/intel: Mark expected switch fall-throughs (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-intel-aggregate-big-core-client-naming.patch. - Refresh patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. - commit ebba1f6 - perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x register (jsc#PED-5023 bsc#1211439). - commit b357e8f - perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge (jsc#PED-5023 bsc#1211439). - commit 1e6f0c4 - perf/x86/intel/uncore: Clean up client IMC (jsc#PED-5023 bsc#1211439). - commit b9f2803 - perf/x86/intel/uncore: Support MMIO type uncore blocks (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit 2ed2c09 - perf/x86/intel/uncore: Factor out box ref/unref functions (jsc#PED-5023 bsc#1211439). - commit 9298d3b - perf/x86/intel/uncore: Add uncore support for Snow Ridge server (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-intel-aggregate-big-core-client-naming.patch. - Refresh patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. - Refresh patches.suse/x86-intel-aggregate-microserver-naming.patch. - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit 6e7af12 - perf/x86/intel: Add more Icelake CPUIDs (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-intel-aggregate-big-core-client-naming.patch. - Refresh patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. - commit ba0eb7e - perf/x86/intel: Add Icelake desktop CPUID (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/intel_rapl-add-support-for-IceLake-desktop.patch. - Refresh patches.suse/powercap-intel-rapl-add-support-for-ICX.patch. - Refresh patches.suse/x86-intel-aggregate-big-core-client-naming.patch. - Refresh patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit 7786ce1 - perf/x86/intel/uncore: Add new IMC PCI IDs for KabyLake, AmberLake and WhiskeyLake CPUs (jsc#PED-5023 bsc#1211439). - commit 4d459ae - perf/x86/intel/uncore: Add tabs to Uncore IMC PCI IDs (jsc#PED-5023 bsc#1211439). - commit 1e8abbc - perf/x86: Add Intel Ice Lake NNPI uncore support (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-intel-aggregate-big-core-client-naming.patch. - Refresh patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. - Refresh patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch. - commit 55befa5 - x86/cpu: Add Ice Lake NNPI to Intel family (jsc#PED-5023 bsc#1211439). - Refresh patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. - commit 34f99e6 - s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218362). - commit 657e47b - nvme: sanitize metadata bounce buffer for reads (git-fixes). - commit 6f2b20c - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - commit 6690cf9 - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes). - commit 64cb7dc - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (bsc#1218253 CVE-2023-6932). - commit ebe786a - gve: Fixes for napi_poll when budget is 0 (bsc#1214479). - gve: Do not fully free QPL pages on prefill errors (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: unify driver name usage (bsc#1214479). - gve: Set default duplex configuration to full (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - commit 9108d42 - tracing: Update snapshot buffer on resize if it is allocated (git-fixes). - commit 30f36d0 - ring-buffer: Fix memory leak of free page (git-fixes). - commit 7dfbb97 - blacklist.conf: add a not-relevant ftrace fix - commit 09bf0c1 - blacklist.conf: false positive - commit 71ff422 - r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes). - commit 6e72146 - net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed (git-fixes). - commit ce068ed - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes). - commit 715a8e7 - blacklist.conf: update blacklist - commit 9a12072 - blacklist.conf: update blacklist - commit cc9998b - net: stmmac: Move debugfs init/exit to -&gt;probe()/-&gt;remove() (git-fixes). - commit e003b9a - net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode (git-fixes). - commit 39aa8c8 - net: macb: disable scatter-gather for macb on sama5d3 (git-fixes). - commit a5f5aa8 - netfilter: nft_compat: use-after-free when deleting targets (git-fixes). - commit 2ea1f0c - netfilter: nf_tables: fix use-after-free when deleting compat expressions (git-fixes). - commit b4fa1c0 - tcp: fix under-evaluated ssthresh in TCP Vegas (git-fixes). - commit b480783 - blacklist.conf: update blacklist - commit 14f35e3 - netfilter: ebtables: also count base chain policies (git-fixes). - Refresh patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch. - commit 051bd2a - netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present (git-fixes). - Refresh patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch. - commit 332123a - netfilter: ebtables: don't attempt to allocate 0-sized compat array (git-fixes). - Refresh patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch. - commit 39f9e26 - netfilter: preserve KABI for xt_compat_init_offsets (git-fixes). - commit 71e46a5 - netfilter: compat: reject huge allocation requests (git-fixes). - commit f398964 - netfilter: compat: prepare xt_compat_init_offsets to return errors (git-fixes). - commit a1a8d4f - KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218057). - commit d3f8ccb - tracing: Disable snapshot buffer when stopping instance tracers (git-fixes). - commit b07eab3 - tracing: Stop current tracer when resizing buffer (git-fixes). - commit 5c0c11a - tracing: Always update snapshot buffer size (git-fixes). - commit c831a81 - tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes). - commit f1e2f19 - xfrm6: fix inet6_dev refcount underflow problem (git-fixes). - commit 50692e8 - README.BRANCH: update maintainers list - commit 4795fb8 - ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes). - commit 0afb0f6 - ipv6: remove extra dev_hold() for fallback tunnels (git-fixes). - commit a02e296 - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes). - commit 934530e - sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes). - commit 96165ef - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods (git-fixes). - commit 42264ea - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (git-fixes). - commit 8fe5105 - xsk: Fix incorrect netdev reference count (git-fixes). - commit 2ed0c59 - xfrm: reuse uncached_list to track xdsts (git-fixes). - blacklist.conf: remove from the blacklist - Refresh patches.suse/ipv4-fix-race-condition-between-route-lookup-and-inv.patch. - Refresh patches.suse/ipv4-lock-mtu-in-fnhe-when-received-PMTU-net.ipv4.ro.patch. - commit 38edc03 - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1217801). - commit b55327d - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - commit 5f21a8d - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - commit 9041dc6 - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - commit 6ae718a - r8152: Run the unload routine if we have errors during probe (git-fixes). - commit d668b36 - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - commit 3e20995 - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - commit 80b9661 - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - commit 9c4175d - KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217936). - commit 4da118c - nvmet: nul-terminate the NQNs passed in the connect command (bsc#1217250 CVE-2023-6121). - commit 2021a67 - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - commit 9d8e191 - tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036). - commit 693b5e0 - kernel-source: Remove config-options.changes (jsc#PED-5021) The file doc/config-options.changes was used in the past to document kernel config changes. It was introduced in 2010 but haven't received any updates on any branch since 2015. The file is renamed by tar-up.sh to config-options.changes.txt and shipped in the kernel-source RPM package under /usr/share/doc. As its content now only contains outdated information, retaining it can lead to confusion for users encountering this file. Config changes are nowadays described in associated Git commit messages, which get automatically collected and are incorporated into changelogs of kernel RPM packages. Drop then this obsolete file, starting with its packaging logic. For branch maintainers: Upon merging this commit on your branch, please correspondingly delete the file doc/config-options.changes. - commit adedbd2 - README.md: Make a few polishing changes (jsc#PED-5021) * Move @suse.com address at the front of SUSE email domains, as that is the one that should be normally used for contributions, according to the current SUSE Open Source Policy. * Avoid repeatedly using &quot;please&quot; in two consecutive sentences. * Fix a typo in section &quot;Patch sorting&quot;: &quot;commit&quot; -&gt; &quot;commits&quot;. * Prefix relative commands in section &quot;Config option changes&quot; with &quot;./&quot; even if they are from a subdirectory, for consistency with the rest of the document. * Turn &quot;Related information&quot; into a proper list. - commit 7c8a1e3 - doc/README.SUSE: Simplify the list of references (jsc#PED-5021) Reduce indentation in the list of references, make the style consistent with README.md. - commit 70e3c33 - doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) Configuration files for SUSE kernels include settings to integrate with signing support provided by the Open Build Service. This creates problems if someone tries to use such a configuration file to build a &quot;standalone&quot; kernel as described in doc/README.SUSE: * Default configuration files available in the kernel-source repository unset CONFIG_MODULE_SIG_ALL to leave module signing to pesign-obs-integration. In case of a &quot;standalone&quot; build, this integration is not available and the modules don't get signed. * The kernel spec file overrides CONFIG_MODULE_SIG_KEY to &quot;.kernel_signing_key.pem&quot; which is a file populated by certificates provided by OBS but otherwise not available. The value ends up in /boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone decides to use one of these files as their base configuration then the build fails with an error because the specified module signing key is missing. Add information on how to enable module signing and where to find the relevant upstream documentation. - commit a699dc3 - net/ulp: use consistent error code when blocking ULP (CVE-2023-0461 bsc#1208787 bsc#1217079). - net/ulp: prevent ULP without clone op from entering the LISTEN status (CVE-2023-0461 bsc#1208787 bsc#1217079). - commit fb04b97 - scripts: Install pre-merge-commit hook When merge is not carried out with `--no-commit` or it does not yield in a conflict, our standard pre-commit checks are omitted. Rectify that by invoking pre-commit hook via pre-merge-commit too. - commit 87067a7 - scripts: pre-commit: Check newly added blacklist.conf entries When blacklist.conf entries are added by merging an &quot;upstream&quot; branch, they are not checked against present commits and the repo ends up in inconsistent state when the patch is present and blacklisted at the same time. The state is checked in pre-commit hook when a (blacklisted) patch is added. Prevent reaching this state when adding blacklist.conf entries too. Using scripts/check-patch-blacklist for this check would be prohibitively slow (~5 minutes with 40k patches). - commit 1f68a01 - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) Remove the first method how to build kernel modules from the readme. It describes a process consisting of the kernel-source installation, configuring this kernel and then performing an ad-hoc module build. This method is not ideal as no modversion data is involved in the process. It results in a module with no symbol CRCs which can be wrongly loaded on an incompatible kernel. Removing the method also simplifies the readme because only two main methods how to build the modules are then described, either doing an ad-hoc build using kernel-devel, or creating a proper Kernel Module Package. - commit 9285bb8 - Revert &quot;Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work&quot; (git-fixes). - commit a2b7495 - md/raid10: prevent soft lockup while flush writes (git-fixes). - md/raid10: fix io loss while replacement replace rdev (git-fixes). - md/raid10: Do not add spare disk when recovery fails (git-fixes). - md/raid10: clean up md_add_new_disk() (git-fixes). - md/raid10: prioritize adding disk to 'removed' mirror (git-fixes). - md/raid10: improve code of mrdev in raid10_sync_request (git-fixes). - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes). - md/bitmap: factor out a helper to set timeout (git-fixes). - md/bitmap: always wake up md_thread in timeout_store (git-fixes). - dm-raid: remove useless checking in raid_message() (git-fixes). - md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). - md/raid10: fix overflow of md/safe_mode_delay (git-fixes). - md: fix data corruption for raid456 when reshape restart while grow up (git-fixes). - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). - md/raid10: fix memleak of md thread (git-fixes). - md/raid10: fix memleak for 'conf-&gt;bio_split' (git-fixes). - md/raid10: fix leak of 'r10bio-&gt;remaining' for recovery (git-fixes). - md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). - md: avoid signed overflow in slot_store() (git-fixes). - md: fix incorrect declaration about claim_rdev in md_import_device (git-fixes). - md: remove lock_bdev / unlock_bdev (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: do not return existing mddevs from mddev_find_or_alloc (git-fixes). - md: refactor mddev_find_or_alloc (git-fixes). - md: factor out a mddev_alloc_unit helper from mddev_find (git-fixes). - md: get sysfs entry after redundancy attr group create (git-fixes). - commit 293695f - md: fix deadlock causing by sysfs_notify (git-fixes). - Refresh patches.kabi/md-backport-kabi.patch. - commit f6c5a12 - md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes). - md: add new workqueue for delete rdev (git-fixes). - commit 17e8908 - blacklist.conf: update for non-backport commits - commit 8da9f2d - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - commit cf05cec - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - commit 762e0de - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - Refresh patches.suse/USB-serial-option-add-Quectel-EC200A-module-support.patch. - commit b94685a - USB: serial: option: add Telit FE990 compositions (git-fixes). - commit 55c3b8d - blacklist.conf: cleanup - commit 8877293 - blacklist.conf: pure cleanup - commit e8a295a - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - commit fc9ee7b - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - commit 66a91f5 - Update patches.kabi/NFSv4-Fix-OPEN-CLOSE-race-FIX.patch (bsc#1176950, bsc#1217525). - Refresh patches.kabi/NFSv4-Wait-for-stateid-updates-after-CLOSE-OPEN_DOWN_kabi.patch. - commit 70e60bf - netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one (CVE-2023-39197 bsc#1216976). - commit 91c26b6 - kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well. - commit 8c12816 - Revert &quot;tracing: Fix warning in trace_buffered_event_disable()&quot; (bsc#1217036) Temporarily revert the commit. It exposed a separate issue related to trace buffered event synchronization which needs to be fixed first. - commit 579dd1d - README.SUSE: fix patches.addon use It's series, not series.conf in there. And make it more precise on when the patches are applied. - commit cb8969c - Do not store build host name in initrd Without this patch, kernel-obs-build stored the build host name in its .build.initrd.kvm This patch allows for reproducible builds of kernel-obs-build and thus avoids re-publishing the kernel-obs-build.rpm when nothing changed. Note that this has no influence on the /etc/hosts file that is used during other OBS builds. https://bugzilla.opensuse.org/show_bug.cgi?id=1084909 - commit fd3a75e - cpu/hotplug: Create SMT sysfs interface for all arches (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - Refresh patches.suse/cpu-SMT-Move-SMT-prototypes-into-cpu_smt.h.patch. - Refresh patches.suse/cpu-SMT-Store-the-current-max-number-of-threads.patch. - Refresh patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch. - Refresh patches.suse/x86-power-Fix-nosmt-vs-hibernation-triple-fault-duri.patch. - commit f37a0c7 - Update config files. - commit dbf7641 - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217607). - commit 750467a - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217604). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217603). - commit d2fc41b - cpu/SMT: Remove topology_smt_supported() (bsc#1214408). - commit 3012e9b - cpu/SMT: Store the current/max number of threads (bsc#1214408). - Refresh patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch. - commit bfa1761 - cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408). - commit acb1c39 - cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408). - Refresh patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch. - commit 76bedc5 - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217519). - commit dab3b0f - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1216031). - commit f260538 - Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable] - commit 56a2c2f - rpm: Define git commit as macro - commit bcc92c8 - kernel-source: Move provides after sources - commit dbbf742 - kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058 CVE-2023-45863). - commit 9922921 - xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes). - commit 0154927 - xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes). - commit 6c99467 - l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes). - commit 0e54c67 - l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow (git-fixes). - commit 28faea4 - perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717). - commit f386e74 - perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717). Implement KABI fix for above - commit 5b65c0e - perf/core: Fix __perf_read_group_add() locking (bsc#1216584 CVE-2023-5717). - perf/core: Fix locking for children siblings group read (bsc#1216584 CVE-2023-5717). - commit 8ccfe6e - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217206). - commit 9780bde - blacklist.conf: Add a not-suitable kprobes patch - commit 0eb14eb - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - commit d8d3409 - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - commit 9172a73 - rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE Not supported by our compiler. - commit eb32b5a - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203996 bsc#1217087). - commit 3a41a21 - s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087). - commit b4ffc60 - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203996 bsc#1217087). - commit 1b2cc83 - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203996 bsc#1217087). - commit 0dd665d - s390/cmma: fix initial kernel address space page table walk (LTC#203996 bsc#1217087). - commit 1ad76c2 - igb: set max size RX buffer when store bad packet is enabled (bsc#1216259 CVE-2023-45871). - commit d675d77 - drm/qxl: fix UAF on handle creation (CVE-2023-39198 bsc#1216965). - commit 9ba677b - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083). - commit b07c667 - rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes to fix build on x86_32. There was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/ So carry this in IGNORED_CONFIGS_RE instead. - commit 7acca37 - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - commit 508863b - scripts/osc_wrapper: call osc init before build Otherwise osc build doesn't build anything and complains instead: Directory '...' is not a working copy. Use &quot;kernel-source&quot; as package as it doesn't matter which we build. It's only to make osc happy that we have a working copy. And all packages link to kernel-source anyway. - commit 2201b26 - ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085 bsc#1210778). - commit 0f8804e - USB: ene_usb6250: Allocate enough memory for full object (bsc#1216051 CVE-2023-45862). - commit 6d3e018 - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514). - commit 64da298 - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513). - commit 5844864 - sched/fair: Don't balance task to its current running CPU (git fixes (sched)). - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (git fixes (sched)). - sched: Reenable interrupts in do_sched_yield() (git fixes (sched)). - sched: correct SD_flags returned by tl-&gt;sd_flags() (git fixes (sched)). - sched: Avoid scale real weight down to zero (git fixes (sched)). - sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() (git fixes (sched)). - sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE (git fixes (sched)). - sched/rt: Minimize rq-&gt;lock contention in do_sched_rt_period_timer() (git fixes (sched)). - commit 913e5fc - blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug - commit b83449b - blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug - commit 9afb234 - blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug - commit bb2fa98 - blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug - commit d6a80de - blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug - commit ede2396 - blacklist.conf: KABI hazard, fix only in the event of a customer bug - commit 8fb5a69 - blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug - commit 1100fe5 - blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug - commit c026b47 - blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug - commit 0f74b6a - blacklist.conf: Fix only in the event of a customer bug - commit 17b0259 - blacklist.conf: Mostly cosmetic fix to a build warning - commit 1af83e7 - blacklist.conf: Fix to experimental feature, fix only in the event of a customer bug - commit 56273cd - blacklist.conf: Complex dependencies missing that applies to an extreme corner case, fix only in the event of a customer bug - commit d67ae17 - blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug - commit 9b299fd - blacklist.conf: KABI hazard, fix only in the event of a customer bug - commit cd58927 - blacklist.conf: Guard against unlikely tuning value, fix only in the event of a customer bug - commit 166c336 - blacklist.conf: Missing dependencies, fix only in the event of a customer bug - commit cbebcfe - blacklist.conf: Sparse warning fix - commit b199522 - blacklist.conf: Cosmetic, debugging patch for unused config - commit 22b7a31 - iommu/amd: Set iommu-&gt;int_enabled consistently when interrupts are set up (bsc#1206010). - commit d889c94 - iommu/amd: Remove useless irq affinity notifier (bsc#1206010). - Delete patches.kabi/kABI-Fix-kABI-for-struct-amd_iommu.patch. - commit 2e08e52 - kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). - iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). - commit 422a4d8 - git_sort: horms/ipvs remotes switched from master to main branch - commit 777aadb - virtio_balloon: fix increment of vb-&gt;num_pfns in fill_balloon() (git-fixes). - commit 595e0b1 - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - commit 10bf215 - blacklist.conf: add &quot;hwrng: virtio - Fix race on data_avail and actual data&quot; - commit c5a6489 - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - commit 2d8db2e - vhost-scsi: unbreak any layout for response (git-fixes). - commit 4eba973 - virtio: Protect vqs list access (git-fixes). - commit 0445801 - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes). - commit 1c1619c - vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes). - Refresh patches.suse/vhost-vsock-accept-only-packets-with-the-right-dst_c.patch. patches.suse/net-virtio_vsock-Enhance-connection-semantics.patch - commit b2f8fd4 - virtio_balloon: fix deadlock on OOM (git-fixes). - commit 55dd88a - xen-netback: use default TX queue size for vifs (git-fixes). - commit bcb62a2 - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743). - commit 04d5576 - scripts/CKC: report &quot;partly&quot; correctly from parents Commit a2aefc584d8 introduced blacklist reporting. Unforturnately it repurposed return code 1 from check_branch function to mean &quot;backlisted&quot; instead of &quot;partly&quot;, which was not adjusted in check_parents function. - commit 143d5b4 - scripts/CKC: do not report results for fictional branches Unfortunately, only return values of 0-255 range are allowed, thus pick some distinct one. - commit 5a9b63a - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743). - commit e0fb7ee - s390/ptrace: fix setting syscall number (git-fixes bsc#1216340). - commit 46941f7 - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - commit d110fbf - usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - commit 849955e - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - commit f96b2d4 - README: Add the .md extension to the filename (jsc#PED-5021) The README document has been converted to Markdown. Add the .md extension to its filename so it gets nicely formatted on the Github mirror. - commit 245860e - README: Reflow text to 80-column width (jsc#PED-5021) - commit 6b67443 - README: Convert the document to Markdown (jsc#PED-5021) - commit bbaa1b1 - README: Adjust heading style (jsc#PED-5021) * Underscore all headings as a preparation for Markdown conversion. * Use title-style capitalization for the document name and sentence-style capitalization for section headings, as recommended in the current SUSE Documentation Style Guide. * Strip the table of contents. The document is short and easy to navigate just by scrolling through it. - commit 6f0a5cf - README: Generalize the document (jsc#PED-5021) * Rename the document to &quot;SUSE Kernel Repository&quot;. * Add an Overview section which describes what the repository contains and provides a short introductory paragraph how the kernel is built. The latter is borrowed from doc/README.SUSE. - commit d24911b - README: Update the Related Information section (jsc#PED-5021) Add a link to kernel.suse.com and the kernel page on the openSUSE wiki. - commit ac14bcc - README: Update the Embargoed Patches section (jsc#PED-5021) * Improve wording and style: avoid use of the &quot;e.g.&quot; and &quot;i.e.&quot; abbreviations, etc. * Update the example branch names to SLE15-SP5. * Remove the example how to merge the embargoed branch back because the commands should be obvious to anyone dealing with embargoed branches. - commit e9f83e5 - README: Update the Ignoring Kernel ABI Changes section (jsc#PED-5021) * Improve the wording and style: rework use of ambiguous &quot;we&quot;, avoid use of the future tense when not necessary, etc. * Update the text to reflect that symvers and symtypes are the reference files. Remove any mention of symbol sets. - commit 61dabdd - README: Update the Kernel ABI Changes section (jsc#PED-5021) * Add a short description about stable kABI to give readers more context. * Rework the main part of the section to reflect that the ABI reference is stored in symvers and symtypes files, applies to SLE12 onwards. * Adjust the update-symvers example to note that in order to update both reference files, one has to pass to the script the default and devel packages for a respective kernel. * Drop the second update-symvers example which mentions use of --filter because the option should not be generally very useful to most people. * Update the note about who should update the kabi files to say that it should be branch maintainers. - commit 1d97539 - scripts/CKC: fixed iterating over an array + skip unrecognized options - 182c5295bfe1 introduced option parsing which unfotunately broke iterating over the terms since it changed the type of KBC_CHECK_TERMS from a string (of space separated tokens) to a proper bash array which requires a different method of iteration. - With different version of the script flying around it's better to skip unrecognized options so that they are not mistaken for terms to search for, one can always force them after '--'. - commit f0ca120 - README: Update the What Is The Kernel ABI? section (jsc#PED-5021) * Remove long obsolete information about &quot;kernel(...)&quot; per-class RPM dependencies and replace it with information about &quot;ksym(...)&quot; per-symbol entries. * Simplify structure of the text. - commit 7a70ee0 - README: Update the Committing and Log Messages section (jsc#PED-5021) Rework the section to reflect that RPM changelogs are nowadays produces directly from a Git log. - commit 2dcbfb9 - scripts/CKC: add -c (--color) and -C (--Color) options - c turns on colored results unconditionally. - C turns on colored results if and only if the STDOUT is connected to the terminal which is useful when piping the output somewhere. Neither option is the default. Color mapping: ok = green missing = red partly = yellow blacklisted = magenta Example: ./scripts/check-kernel-commit 559089e0a93d -c - commit 34a9cf5 - xen/events: replace evtchn_rwlock with RCU (bsc#1215745, xsa-441, cve-2023-34324). - commit a9545c4 - README: Update the Config Option Changes section (jsc#PED-5021) * Slightly improve wording in the section. * Bump the example directory to SLE15-SP5 to match the previous update to the Before you commit section. - commit 5494c94 - README: Update the Before You Commit section (jsc#PED-5021) * Prefix the example invocation of scripts/sequence-patch.sh with &quot;./&quot; for consistency with the rest of the document. * Update the example output from scripts/sequence-patch.sh to match the regular invocation instead of the Rapidquilt case and bump the output to SLE15-SP5. * Drop the paragraph describing that a fix patch should be placed in series.conf close to the patch which introduced the associated bug. The current situation is that the patches should be sorted according to the upstream order. * Add a new paragraph describing use of scripts/sequence-patch.sh with Rapidquilt. * Fix typos, slightly improve wording and integrate some occurrences of additional details in parentheses. - commit 05796c7 - blacklist.conf: risky backport that doesn't fix any actual bug - commit 3d04b1a - s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140). - commit cd866ae - blacklist.conf: does not really fix any bug - commit cba9926 - blacklist.conf: changes exported symbol - commit d468872 - README: Update the Patch Headers section (jsc#PED-5021) * Fix typos, slightly improve some wording and avoid writing additional details in parentheses. * Remove &quot;:&quot; from the names of patch tags which appear in regular sentences. The suffix is somewhat redundant and made README inconsistent with doc/README.PATCH-POLICY.SUSE in this regard. * Provide an updated example for the patch header format. The new example is shorter and shows current typically-used references. - commit 28312bc - README: Update the Getting Started section (jsc#PED-5021) * Drop a mention that Git &gt; 1.5.x is needed. This version was released in 2007 already. * Capitalize names of Git, Quilt and RPM, where appropriate. * Remove the use of the --quilt option from the sequence-patch.sh example as it is the default. * Replace patches.fixes/ with patches.suse/ since the latter is now the common directory for fix patches. * Fix some typos and avoid use of a serial comma. - commit 8b03ad9 - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - commit 3f2541c - blacklist.conf: cleanup, not fix - commit 23ed894 - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - commit 4086838 - blacklist.conf: irrelevant in our configs - commit 60908b6 - tools/thermal: Fix possible path truncations (git-fixes). - commit 012a1c3 - blacklist.conf: build only fix - commit 9be29dc - KVM: s390: fix sthyi error handling (git-fixes bsc#1216107). - commit 1e42611 - blacklist.conf: the codebase changed too much to backport the patch - commit 79518bf - netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046 CVE-2023-39189). - commit 1a88b87 - git_sort: Add ARM KVM repository - commit 9df3d01 - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - commit 2d13fe0 - memcg: drop kmem.limit_in_bytes (bsc#1208788) This brings a breaking commit for easier backport, it'll be fixed differently in a following commit. - commit f87e772 - blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init() - commit 154e29d - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - commit 86ad453 - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - commit 5c6ec60 - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - commit aaff955 - doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown (jsc#PED-5021) - commit c05cfc9 - doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021) - commit bff5e3e - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - commit 5490bdd - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - commit cd23ed9 - blacklist.conf: Add a not-needed ftrace cleanup - commit 8f29597 - tracing: Fix memleak due to race between current_tracer and trace (git-fixes). - commit 39d6a56 - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - commit 6f0b300 - scripts/CKC: speedup the script by caching grep patches results - searching patches seems to be the most expensive operation - it's done repeatedly for the same arguments (term, branch) - store results in an associative array and look them up later $ time ./scripts/check-kernel-commit 1240eb93f0616b21c675416516ff3d74798fdc97 ... Before real 0m25.595s user 2m14.772s sys 0m10.509s After real 0m18.022s user 1m31.260s sys 0m7.380s - commit d9efd35 - Update patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch (bsc#1211592 CVE-2023-2860). - commit bb891c5 - scripts/CKC: implement option parsing and -g &lt;pattern&gt; or --grep &lt;pattern&gt; - option parsing can be easily extended in the future - &quot;-g &lt;pattern&gt;&quot; skips top-level branches not matching the pattern examples: CKC -g 'LTSS$' 544f1d62e3e6 CKC 544f1d62e3e6 -g 5-SP4 CKC -g 'stable|ALP' 544f1d62e3e6 - update help message - add -h or --help option for consistency - reading config file remains as it is for backwards compatibility - commit 182c529 - s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950). - commit 877301e - s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950). - commit e230ae5 - scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes). - commit 1163975 - s390: add z16 elf platform (LTC#203790 bsc#1215954). - commit 2f5d3f2 - CKC: Clarify usage - commit 5ea48e1 - net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194 bsc#1215861). - commit 30ab691 - netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193 bsc#1215860). - commit bc6f173 - netfilter: xt_u32: validate user space input (CVE-2023-39192 bsc#1215858). - commit a35eb65 - ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754 bsc#1215467). - commit 3bbdd91 - scripts/git-fixes: treat optional first argument as a base-ref By default, git-fixes script checks commits for fixes based on the upstream branch, but this does not work very well for two reasons. 1/ There might not be an upstream branch at all. 2/ It's out of sync with what actually needs to be checked. - use optional first argument as a base-ref instead of upstream branch - improve error message in case of missing upstream branch - delete unused &quot;branch&quot; variable from the script - show number of commits checked in case of PASS (should raise flags in case of zero commits or some other strange number) - commit 9e365d0 - scripts/PMU: Adjust for more maintainers' needs * Allow arbitrary kgraft project name * More specific variable name * Add package entries in one block * Eliminate nr_pkgs and guess number of entries from the past * Amended newlines in output messages * Fail better without IBS access * Improve non-existent prj message * Interactive git clean * Update readme - commit 48367c5 - scripts: Import ksource-maint-update scripts Work of Michal Kubeček and Vlastimil Babka [1] [1] https://gitlab.suse.de/vbabka/suse-scripts/-/blob/master/kernel-source/ksource-maint-update?ref_type=heads - commit 1534a42 - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898). - commit fe1e883 - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897). - commit 8cf6ae4 - doc/README.PATCH-POLICY.SUSE: Remove the list of links (jsc#PED-5021) All links have been incorporated into the text. Remove now unnecessary list at the end of the document. - commit 43d62b1 - doc/README.SUSE: Adjust heading style (jsc#PED-5021) * Underscore all headings as a preparation for Markdown conversion. * Use title-style capitalization for the document name and sentence-style capitalization for section headings, as recommended in the current SUSE Documentation Style Guide. - commit 11e3267 - tcp: Reduce chance of collisions in inet6_hashfn() (CVE-2023-1206 bsc#1212703). - commit a16b5ec - blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877) - commit cdf35f4 - blacklist.conf: printk: cosmetic problem - commit ba43537 - tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634). - blacklist.conf: Remove the patch - commit f4d2e9c - blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586). - commit 8383227 - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586). - commit 85f0c35 - blk-mq: In blk_mq_dispatch_rq_list() &quot;no budget&quot; is a reason to kick (bsc#1214586). - commit c307c4a - drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: * move changes to drm_fb_helper.c * context changes - commit 2728def - drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drm_client_add() * remove drm_dbg_kms() - commit 6137335 - drm/ast: Fix DRAM init on AST2200 (bsc#1152446) - commit e2e4c86 - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - nfsd: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - commit fd7ddac - doc/README.PATCH-POLICY.SUSE: Reflow text to 80-column width (jsc#PED-5021) - commit be0158c - doc/README.PATCH-POLICY.SUSE: Update information about the tools (jsc#PED-5021) * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira. * Limit the range of commits in the exportpatch example to prevent it from running for too long. * Incorporate URLs directly into the text. * Fix typos and improve some wording, in particular avoid use of &quot;there is/are&quot; and prefer the present tense over the future one. - commit c0bea0c - doc/README.PATCH-POLICY.SUSE: Update information about the patch format (jsc#PED-5021) * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira. * Remove references to links to the patchtools and kernel source. They are incorporated in other parts of the text. * Use sentence-style capitalization for section headings, as recommended in the current SUSE Documentation Style Guide. * Fix typos and some wording, in particular avoid use of &quot;there is/are&quot;. - commit ce98345 - doc/README.PATCH-POLICY.SUSE: Update the summary and background (jsc#PED-5021) * Drop information about patches being split into directories per a subsystem because that is no longer the case. * Remove the mention that the expanded tree is present since SLE11-SP2 as that is now only a historical detail. * Incorporate URLs and additional information in parenthenses directly into the text. * Fix typos and improve some wording. - commit 640988f - blacklist.conf: cleanup, not fix - commit 4145d1c - blacklist.conf: kABI - commit a0aa389 - blacklist.conf: kABI - commit 8946486 - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - commit fb53d8d - blacklist.conf: cleanup, not a fix - commit 17d3852 - blacklist.conf: irrelevant architectures - commit 5686dcf - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921 bsc#1215275). - commit f1f032e - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - commit 30e2cef - USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - commit 80d3da2 - USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - commit a512bd6 - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - commit 1b30310 - x86/srso: Fix srso_show_state() side effect (git-fixes). - commit 0635685 - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - commit 73ce555 - x86/srso: Don't probe microcode in a guest (git-fixes). - commit 3113dcd - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - commit 353140c - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-&gt;dev is null (git-fixes). - commit 58c21c4 - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - commit faf87ea - net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes). - commit 6a7c880 - remoteproc: Add missing '\n' in log messages (git-fixes). - commit 0453dca - virtio-net: set queues after driver_ok (git-fixes). - commit d013d91 - virtio-net: fix race between set queues and probe (git-fixes). - commit 667d4fc - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - commit da2e2b7 - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - commit 5d3f424 - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - commit 66910c1 - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - commit 9b65419 - drm/virtio: Fix GEM handle creation UAF (git-fixes). - commit 85fb064 - vhost: fix range used in translate_desc() (git-fixes). - commit a845792 - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - commit d808ad4 - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - commit 0582e50 - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - commit f24aded - virtio-net: fix the race between refill work and close (git-fixes). - commit fad1dae - virtio_mmio: Restore guest page size on resume (git-fixes). - commit d1884a1 - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - commit 72af40d - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - commit 1d4eaa6 - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - commit aa0f829 - virtio-rng: make device ready before making request (git-fixes). - commit 9bd916a - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - commit ab80da2 - vsock/virtio: enable VQs early on probe (git-fixes). - commit eedc07b - virtio: acknowledge all features before access (git-fixes). - commit 3d0d2a3 - blacklist.conf: add &quot;virtio: unexport virtio_finalize_features&quot; - commit 0ef3496 - virtio-gpu: fix possible memory allocation failure (git-fixes). - commit dab0c56 - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - commit 42813d6 - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - commit 8906f5b - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607). - commit cca74d3 - series: refresh meta data on qla2xxx patches Refresh: - patches.suse/Revert-scsi-qla2xxx-Fix-buffer-overrun.patch - patches.suse/scsi-qla2xxx-Add-logs-for-SFP-temperature-monitoring.patch - patches.suse/scsi-qla2xxx-Allow-32-byte-CDBs.patch - patches.suse/scsi-qla2xxx-Error-code-did-not-return-to-upper-laye.patch - patches.suse/scsi-qla2xxx-Fix-firmware-resource-tracking.patch - patches.suse/scsi-qla2xxx-Fix-smatch-warn-for-qla_init_iocb_limit.patch - patches.suse/scsi-qla2xxx-Flush-mailbox-commands-on-chip-reset-6d0b6556.patch - patches.suse/scsi-qla2xxx-Move-resource-to-allow-code-reuse.patch - patches.suse/scsi-qla2xxx-Remove-unsupported-ql2xenabledif-option.patch - patches.suse/scsi-qla2xxx-Remove-unused-variables-in-qla24xx_buil.patch - patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.100-k.patch - commit 97d82a0 - vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes). - commit bb25376 - VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes). - commit 58985d9 - vsock/virtio: free queued packets when closing socket (git-fixes). - commit 364c76d - vhost: Fix vhost_vq_reset() (git-fixes). - commit 11c5c4d - Update patches.suse/ipv6-raw-Deduct-extension-header-length-in-rawv6_pus.patch (bsc#1207168 CVE-2023-0394). (empty commit to synthesize changelog reference) - commit 5add4b1 - net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes). - commit 2e28a62 - vsock/virtio: update credit only if socket is not closed (git-fixes). - commit 4db2ffd - vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes). - commit 1c25f6d - vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes). - commit fc31d1b - vhost: introduce helpers to get the size of metadata area (git-fixes). - Refresh patches.kabi/kabi-mask-changes-to-vhost_dev_init-and-struct-vhost.patch. - Refresh patches.suse/vhost-Don-t-call-access_ok-when-using-IOTLB.patch. - commit dff33f7 - virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes). - commit 74b72cd - vhost: missing __user tags (git-fixes). - commit f5a5b81 - remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes). - commit 9a37a06 - virtio_balloon: prevent pfn array overflow (git-fixes). - commit 55ea675 - vhost/test: stop device before reset (git-fixes). - commit 5483efb - net: virtio_vsock: Enhance connection semantics (git-fixes). - commit 9ad5623 - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - commit 78c9d7f - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - commit 689eec4 - virtio_net: separate the logic of checking whether sq is full (git-fixes). - commit 61503de - virtio_net: reorder some funcs (git-fixes). - commit f621ba2 - idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837). - commit 2f8b856 - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - commit 3abdcae - 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes). - commit 68a725b - virtio_net: Remove BUG() to avoid machine dead (git-fixes). - commit 55a074c - vhost: Don't call access_ok() when using IOTLB (git-fixes). - commit 25ceff0 - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - commit cb1942b - vhost: vsock: kick send_pkt worker once device is started (git-fixes). - commit a9baee2 - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - commit 8b1470e - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - commit c882efa - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - commit 2dc199b - blacklist.conf: (&quot;mm: defer kmemleak object creation of module_alloc()&quot;) - commit bd408b1 - blacklist.conf: (&quot;arm64/fpsimd: Only provide the length to cpufeature for xCR registers&quot;) - commit fa8f4a7 - blacklist.conf: (&quot;arm64: Add missing Set/Way CMO encodings&quot;) - commit 1c6e245 - arm64: insn: Fix ldadd instruction encoding (git-fixes) - commit 8cc18ed - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - commit c078a04 - firmware: raspberrypi: Keep count of all consumers (git-fixes). - Refresh patches.suse/firmware-raspberrypi-Introduce-devm_rpi_firmware_get.patch. - commit 12c2932 - af_unix: Fix null-ptr-deref in unix_stream_sendpage() (CVE-2023-4622 bsc#1215117). - commit c96e367 - net/sched: sch_hfsc: Ensure inner classes have fsc curve (CVE-2023-4623 bsc#1215115). - commit 522fe97 - cec-api: prevent leaking memory through hole in structure (CVE-2020-36766 bsc#1215299). - commit 95fe4aa - doc/README.SUSE: Reflow text to 80-column width (jsc#PED-5021) - commit e8f2c67 - doc/README.SUSE: Minor content clean up (jsc#PED-5021) * Mark the user's build directory as a variable, not a command: 'make -C $(your_build_dir)' -&gt; 'make -C $YOUR_BUILD_DIR'. * Unify how to get the current directory: 'M=$(pwd)' -&gt; 'M=$PWD'. * 'GIT' / 'git' -&gt; 'Git'. - commit 1cb4ec8 - patches.suse/ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch: Fix compiler warning due to unused 'sbi' variable - commit f8d160b - doc/README.SUSE: Update information about module paths (jsc#PED-5021) * Use version variables to describe names of the /lib/modules/$VERSION-$RELEASE-$FLAVOR/... directories instead of using specific example versions which get outdated quickly. * Note: Keep the /lib/modules/ prefix instead of using the new /usr/lib/modules/ location for now. The updated README is expected to be incorporated to various branches that are not yet usrmerged. - commit 7eba2f0 - doc/README.SUSE: Update information about custom patches (jsc#PED-5021) * Replace mention of various patches.* directories with only patches.suse as the typical location for patches. * Replace i386 with x86_64 in the example how to define a config addon. * Fix some typos and wording. - commit 2997d22 - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048) - commit 1fa2e82 - fbdev: imxfb: warn about invalid left/right margin (bsc#1154048) - commit 31becd0 - fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048) Backporting changes: * Refresh patch - commit f0bd08e - fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048) Backporting changes: * Move code from video/fbdev/core to video/consol * Refresh patch - commit a573af9 - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048) - commit eb11fbc - blacklist.conf: Append 'fbdev/ep93xx-fb: Do not assign to struct fb_info.dev' - commit 7445a36 - blacklist.conf: Append 'backlight/lv5207lp: Compare against struct fb_info.device' - commit deff103 - blacklist.conf: Append 'backlight/gpio_backlight: Compare against struct fb_info.device' - commit 5ee6636 - blacklist.conf: Append 'backlight/bd6107: Compare against struct fb_info.device' - commit 639511f - blacklist.conf: Append 'fbdev: mmp: fix value check in mmphw_probe()' - commit 170d70b - blacklist.conf: Append 'fbdev: stifb: Fix info entry in sti_struct on error path' - commit 1d87a9e - blacklist.conf: Append 'fbdev: imsttfb: Release framebuffer and dealloc cmap on error path' - commit 7e72c90 - blacklist.conf: Append 'fbdev: imsttfb: Fix use after free bug in imsttfb_probe' - commit 702daba - blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init' - commit c9c8dac - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition (bsc#1215206, CVE-2023-1859). - commit 4fa7183 - Add a new helper script to drop the number prefix from patch files strip-number-prefix is a small helper script you can run against patch files with the number prefix like &quot;0001-foo.patch&quot; to get rid of the prefix &quot;0001-&quot;. There are a few options, e.g. to add the SHA1 ID suffix automatically for conflicting patch file names, too. - commit 2f6cda6 - netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-4881 bsc#1215221). - commit b9ba6b9 - doc/README.SUSE: Update information about config files (jsc#PED-5021) * Use version variables to describe a name of the /boot/config-... file instead of using specific example versions which get outdated quickly. * Replace removed silentoldconfig with oldconfig. * Mention that oldconfig can automatically pick a base config from &quot;/boot/config-$(uname -r)&quot;. * Avoid writing additional details in parentheses, incorporate them instead properly in the text. - commit cba5807 - scripts/CKC: Fix some typos - commit 19e464e - scripts/check-kernel-commit: Report blacklisted terms The blacklist hides the commit for tools reporting candidates for backporting. It might hide commits which might get important later. Anyway, the fact that they are blacklisted is interesting and it would be nice when check-kernel-commit report them. - commit a2aefc5 - doc/README.SUSE: Update the patch selection section (jsc#PED-5021) * Make the steps how to obtain expanded kernel source more generic in regards to version numbers. * Use '#' instead of '$' as the command line indicator to signal that the steps need to be run as root. * Update the format of linux-$SRCVERSION.tar.bz2 to xz. * Improve some wording. - commit e14852c - doc/README.SUSE: Update information about (un)supported modules (jsc#PED-5021) * Update the list of taint flags. Convert it to a table that matches the upstream documentation format and describe specifically flags that are related to module support status. * Fix some typos and wording. - commit e46f0df - doc/README.SUSE: Bring information about compiling up to date (jsc#PED-5021) * When building the kernel, don't mention to initially change the current directory to /usr/src/linux because later description discourages it and specifies to use 'make -C /usr/src/linux'. * Avoid writing additional details in parentheses, incorporate them instead properly in the text. * Fix the obsolete name of /etc/modprobe.d/unsupported-modules -&gt; /etc/modprobe.d/10-unsupported-modules.conf. * Drop a note that a newly built kernel should be added to the boot manager because that normally happens automatically when running 'make install'. * Update a link to the Kernel Module Packages Manual. * When preparing a build for external modules, mention use of the upstream recommended 'make modules_prepare' instead of a pair of 'make prepare' + 'make scripts'. * Fix some typos+grammar. - commit b9b7e79 - firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes). - commit b0c6851 - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - commit 2f7bf75 - Input: psmouse - fix OOB access in Elantech protocol (git-fixes). - commit c22661c - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - Input: xpad - add constants for GIP interface numbers (git-fixes). - commit f16c0ae - blacklist.conf: kABI - commit ff64baf - doc/README.SUSE: Bring the overview section up to date (jsc#PED-5021) * Update information in the overview section that was no longer accurate. * Improve wording and fix some typos+grammar. - commit 798c075 - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - commit 94ae184 - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - commit 08d3143 - media: mceusb: return without resubmitting URB in case of - EPROTO error (git-fixes). - commit c8383de - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes). - Refresh patches.suse/0001-media-flexcop-usb-fix-endpoint-sanity-check.patch. - commit bad0523 - media: cec: copy sequence field for the reply (git-fixes). - commit 8765e23 - media: s5p_cec: decrement usage count if disabled (git-fixes). - commit b1a4e64 - media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes). - commit ac5e011 - blacklist.conf: false positive - commit 6890750 - media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes). - commit c1bf95d - media: cec: make cec_get_edid_spa_location() an inline function (git-fixes). - commit 8148e38 - doc/README.SUSE: Update the references list (jsc#PED-5021) * Remove the reference to Linux Documentation Project. It has been inactive for years and mostly contains old manuals that aren't relevant for contemporary systems and hardware. * Update the name and link to LWN.net. The original name &quot;Linux Weekly News&quot; has been deemphasized over time by its authors. * Update the link to Kernel newbies website. * Update the reference to The Linux Kernel Module Programming Guide. The document has not been updated for over a decade but it looks its content is still relevant for today. * Point Kernel Module Packages Manual to the current version. * Add a reference to SUSE SolidDriver Program. - commit 0edac75 - doc/README.SUSE: Update title information (jsc#PED-5021) * Drop the mention of kernel versions from the readme title. * Remove information about the original authors of the document. Rely as in case of other readmes on Git metadata to get information about all contributions. * Strip the table of contents. The document is short and easy to navigate just by scrolling through it. - commit 06f5139 - doc/README.SUSE: Update information about DUD (jsc#PED-5021) Remove a dead link to description of Device Update Disks found previously on novell.com. Replace it with a short section summarizing what DUD is and reference the mkdud + mksusecd tools and their documentation for more information. - commit 7eeba4e - Delete patches.suse/genksyms-add-override-flag.diff. The override flag is no longer used in kernel-binary. - commit 3815406 - git_sort: Add tpmdd repository. - commit a4a15c9 - s390/dasd: fix hanging device after request requeue (LTC#203632 bsc#1215121). - commit 313a92d - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - commit 9146c38 - rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1 Genksyms has functionality to specify an override for each type in a symtypes reference file. This override is then used instead of an actual type and allows to preserve modversions (CRCs) of symbols that reference the type. It is kind of an alternative to doing kABI fix-ups with '#ifndef __GENKSYMS__'. The functionality is hidden behind the genksyms --preserve option which primarily tells the tool to strictly verify modversions against a given reference file or fail. Downstream patch patches.suse/genksyms-add-override-flag.diff which is present in various kernel-source branches separates the override logic. It allows it to be enabled with a new --override flag and used without specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec file is then a way how the build is told that --override should be passed to all invocations of genksyms. This was needed for SUSE kernels because their build doesn't use --preserve but instead resulting CRCs are later checked by scripts/kabi.pl. However, this override functionality was not utilized much in practice and the only use currently to be found is in SLE11-SP1-LTSS. It means that no one should miss this option and KBUILD_OVERRIDE=1 together with patches.suse/genksyms-add-override-flag.diff can be removed. Notes for maintainers merging this commit to their branches: * Downstream patch patches.suse/genksyms-add-override-flag.diff can be dropped after merging this commit. * Branch SLE11-SP1-LTSS uses the mentioned override functionality and this commit should not be merged to it, or needs to be reverted afterwards. - commit 4aa02b8 - Update patches.suse/s390-dasd-fix-hanging-device-after-quiesce-resume.patch (git-fixes bsc#1214157 bsc#1215122). - commit 07aca49 - README: Update info about the References tag (jsc#PED-5021). * Update that JIRA issue IDs should specify an Implementation task and no longer its Epic. * Use https:// for the link to the openSUSE abbreviation list. - commit 0ba0c76 - blacklist.conf: Blacklist b98dba273a - commit b92c4bc - jbd2: simplify journal_clean_one_cp_list() (bsc#1215207). - commit 6f4c470 - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - commit 4d0c2c0 - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - commit 9232606 - blacklist.conf: Blasklist e5cfefa97bccf - commit 570bb0a - blacklist.conf: Add ef73dcaa3121 (&quot;powerpc: xmon: remove unused variables&quot;) - commit 79b42a6 - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729). - commit 024bdb8 - blacklist.conf: Add eac030b22ea1 (&quot;powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT&quot;) - commit 7c10484 - Drivers: hv: vmbus: Don't dereference ACPI root object handle (git-fixes). - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - commit 1c1b9d9 - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - commit c4327d4 - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - commit e960575 - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - commit 9b4bb47 - udf: Fix extension of the last extent in the file (bsc#1214964). - commit a800323 - quota: fix warning in dqgrab() (bsc#1214962). - commit 1c703c8 - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - commit a0acebf - fs: avoid softlockups in s_inodes iterators (bsc#1215165). - commit 64a5ec2 - direct-io: allow direct writes to empty inodes (bsc#1215164). - commit 7c4d7c8 - blacklist.conf: Blacklist 69562eb0bd3e - commit f13139d - blacklist.conf: Blacklist 2112f5c1330a - commit 7d5e43d - jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162). - commit 20ed76a - jbd2: check 'jh-&gt;b_transaction' before removing it from checkpoint (bsc#1214953). - commit d390fb5 - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - commit eebe7e1 - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - commit 2a5ddb1 - jbd2: remove t_checkpoint_io_list (bsc#1214946). - commit 83511a0 - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - commit d58daa9 - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - commit 032825e - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - commit 9167319 - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - commit bc0cd9a - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - commit 8cc1d3d - s390/zcrypt: don't leak memory if dev_set_name() fails (git-fixes bsc#1215152). - commit 6bbbd1c - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149). - commit a1a3484 - patches.suse/btrfs-output-extra-debug-info-if-we-failed-to-find-a.patch: (bsc#1215136). - commit edf562a - scripts/log2: Add support for patch renaming Add the check of renamed patches and properly log the changes. They have been ignored until now, and one had to write manually. - commit e36bcf3 - blacklist.conf: kABI - commit 57cf107 - blacklist.conf: cleanup, not fix - commit 61144f9 - blacklist.conf: irrelevant in our configs - commit e17de4e - blacklist.conf: kABI - commit e7ae590 - s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes bsc#1215057). - commit 128857d - s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly (git-fixes bsc#1215049). - commit a97aee2 - s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR (git-fixes bsc#1215046). - commit 44d01f3 - s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041). - commit 59bf770 - s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038). - commit b52d0b2 - s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037). - commit 9a9cc75 - s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036). - commit 4af7ade - s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035). - commit 06b1fa0 - s390/dasd: Fix capacity calculation for large volumes (git-fixes bsc#1215034). - commit 3bac622 - s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032). - commit 13e8aa1 - s390/kdump: Fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028). - commit b9151e6 - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (bsc#1214233 CVE-2023-40283). - commit eabaa85 - drm/vmwgfx: Test shader type against SVGA3d_SHADERTYPE_MIN (bsc#1203517 CVE-2022-36402) - commit 90f1895 - cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192). - commit f2c9320 - add upstream tags to a few pci-hyperv patches - commit a255269 - sched/fair: Fix CFS bandwidth hrtimer expiry type (git fixes). - sched/fair: Don't NUMA balance for kthreads (git fixes). - sched/core: Check quota and period overflow at usec to nsec conversion (git fixes). - sched/core: Handle overflow in cpu_shares_write_u64 (git fixes). - sched/cpufreq: Fix kobject memleak (git fixes). - sched/topology: Fix off by one bug (git fixes). - commit 1834f8f - blacklist.conf: Cosmetic, not fix - commit 59cf877 - blacklist.conf: Relatively high-risk given the lack of a customer bug - commit b474f56 - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). - scsi: storvsc: Always set no_report_opcodes (git-fixes). - commit 1d90748 - blacklist.conf: optimization - commit 117c6b0 - blacklist.conf: obsoleted by later patch - commit 260ff3e - blacklist.conf: kABI - commit e0a5839 - blacklist.conf: kABI - commit 980539d - blacklist.conf: optimization - commit 2fe1477 - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - Revert &quot;scsi: qla2xxx: Fix buffer overrun&quot; (bsc#1214928). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - commit e3144fe - series: update metadata qla2xxx - Refresh patches.suse/scsi-qla2xxx-Adjust-IOCB-resource-on-qpair-create.patch. - Refresh patches.suse/scsi-qla2xxx-Fix-TMF-leak-through.patch. - Refresh patches.suse/scsi-qla2xxx-Fix-command-flush-during-TMF.patch. - Refresh patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch. - Refresh patches.suse/scsi-qla2xxx-Fix-erroneous-link-up-failure.patch. - Refresh patches.suse/scsi-qla2xxx-Fix-session-hang-in-gnl.patch. - Refresh patches.suse/scsi-qla2xxx-Limit-TMF-to-8-per-function.patch. - Refresh patches.suse/scsi-qla2xxx-Turn-off-noisy-message-log.patch. - Refresh patches.suse/scsi-qla2xxx-Update-version-to-10.02.08.500-k.patch. - Refresh patches.suse/scsi-qla2xxx-fix-inconsistent-TMF-timeout.patch. - commit a78c0e0 - blacklist: add nvme-tcp/nvme-rdma path freeze patches - commit bfd23fd - module: avoid allocation if module is already present and ready (bsc#1213921). - commit ea88fa3 - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - commit 4dd579c - module: move early sanity checks into a helper (bsc#1213921). - commit 2966d5d - module: extract patient module check into helper (bsc#1213921). - commit ee26ffe - blacklist.conf: Drop invplg patch - commit 6d986f2 - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - commit 3755873 - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - commit 4f2adfa - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - commit 059349a - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - commit ebd4ce9 - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - commit 2e7ba0d - x86/bugs: Reset speculation control settings on init (git-fixes). - commit ef1a64e - x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes). - commit 819086a - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - commit a399606 - x86/microcode/AMD: Load late on both threads too (git-fixes). - commit 1a17c86 - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes). - commit 80a2dc8 - x86/cpu: Fix amd_check_microcode() declaration (git-fixes). - commit 2702ba0 - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - commit 723e612 - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). - commit ee9c9b3 - blacklist.conf: Ignore a bunch of useless patches They primarily relate to the GDS mitigations but have some implicit dependencies which aren't satisfied in SLE12-SP5 hence can't be backported without breaking the boot flow. - commit 8a7a083 - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - nfs/blocklayout: Use the passed in gfp flags (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - NFSD: add encoding of op_recall flag for write delegation (git-fixes). - commit 9627d5e - scripts/python/tests/test_header.py: Alt-commit tests Add unit tests for the alt-commit tag - commit 5b42b75 - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - commit 9e76893 - blacklist.conf: optimization - commit 0093119 - blacklist.conf: optimization - commit 8d089ae - scripts/python/suse_git/header.py: Add Alt-commit Add a rule describing the Alt-commit tag. Also describe the usage of the Alt-commit tag in scripts/patch-tag-template. - commit a27c481 - rpm/mkspec-dtb: support for nested subdirs Commit 724ba6751532 (&quot;ARM: dts: Move .dts files to vendor sub-directories&quot;) moved the dts to nested subdirs, add a support for that. That is, generate a %dir entry in %files for them. - commit 6484eda - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - commit 65ce64f - SUNRPC: always clear XPRT_SOCK_CONNECTING before xprt_clear_connecting on TCP xprt (bsc#1214453). - commit 262ee00 - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752). - commit bb71e26 - usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). - commit 699a0f7 - USB: serial: simple: sort driver entries (git-fixes). - commit cd31a2c - USB: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). - commit 01910f6 - blacklist.conf: Add 541676078b52 membarrier: Disable preemption when calling smp_call_function_many() - commit abc325d - blacklist.conf: Add 295d6d5e3736 sched/deadline: Fix switching to -deadline - commit eabea96 - blacklist.conf: Add ad789f84c9a1 sched/debug: Fix cgroup_path[] serialization - commit 668acbe - blacklist.conf: Add a46d14eca7b7 sched/fair: Use rq_lock/unlock in online_fair_sched_group - commit f2e125e - USB: serial: option: add Quectel EC200A module support (git-fixes). - commit 6a79fcc - USB: serial: option: support Quectel EM060K_128 (git-fixes). - commit 08d37b2 - USB: serial: option: add Quectel EM061KGL series (git-fixes). - commit 8761a7d - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - commit f1fab77 - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - commit b920356 - net-sysfs: Call dev_hold always in rx_queue_add_kobject (git-fixes). - commit 90595e2 - net-sysfs: Call dev_hold always in netdev_queue_add_kobject (git-fixes). - commit 890c248 - net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes). - commit 29ae172 - blacklist.conf: add drivers/net/arcnet/ - commit 49ea450 - blacklist.conf: add CAIF drivers - commit e788b55 - blacklist.conf: add CONFIG_WAN and CONFIG_IEEE802154 drivers - commit 26fa349 - blacklist.conf: add CONFIG_ROSE - commit 9103b7d - blacklist.conf: add CONFIG_DECNET - commit ffa631c - blacklist.conf: add CONFIG_PHONET - commit bd0a4a9 - blacklist.conf: add CONFIG_NETROM - commit f7b4f72 - blacklist.conf: add CONFIG_X25 - commit 482c65e - blacklist.conf: add CONFIG_IEEE802154 - commit 3234431 - blacklist.conf: update blacklist - commit 9ca64d4 - netfilter: ipset: Fix an error code in ip_set_sockfn_get() (git-fixes). - commit 9e5e119 - bridge: ebtables: don't crash when using dnat target in output chains (git-fixes). - commit 6755ab5 - net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject (git-fixes). - commit ba3b4ef - xfrm: release device reference for invalid state (git-fixes). - commit edb4011 - net/fq_impl: Switch to kvmalloc() for memory allocation (git-fixes). - commit fc2b65b - blacklist.conf: add CONFIG_BATMAN_ADV - commit 4a7aeb7 - net: mana: add support for XDP_QUERY_PROG (jsc#SLE-18779, bsc#1214209). - commit 2072e0b - Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync() (bsc#1213971 CVE-2023-4134). - commit 3678dd9 - x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588). - commit 7b74a19 - x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588). - commit c7be7bc - old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. - commit 7bb5087 - net: nfc: Fix use-after-free caused by nfc_llcp_find_local (bsc#1213601 CVE-2023-3863). - nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601 CVE-2023-3863). - nfc: llcp: nullify llcp_sock-&gt;dev on connect() error paths (bsc#1213601 CVE-2023-3863). - commit d4622dc - nfc: Fix to check for kmemdup failure (bsc#1213601 CVE-2023-3863). Refresh patches.suse/nfc-fix-refcount-leak-in-llcp_sock_connect.patch. patches.suse/nfc-fix-memory-leak-in-llcp_sock_connect.patch. patches.suse/net-nfc-fix-use-after-free-llcp_sock_bind-connect.patch. - commit 8e06144 - Refresh patches.suse/x86-srso-add-ibpb.patch. CPU_IBPB_ENTRY is non-existant on our kernels and we effectively always have it enabled, adjust patch accordingly. - commit ef69893 - x86/vmware: Enable steal time accounting (bsc#1210327). - commit af543f3 - x86/vmware: Add steal time clock support for VMware guests (bsc#1210327). - commit 7743a65 - x86/cpu/vmware: Fix platform detection VMWARE_PORT macro (bsc#1210327). - commit ea2bc47 - x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL, for clang/llvm (bsc#1210327). - commit 1575f32 - x86/cpu/vmware: Use the full form of INL in VMWARE_PORT (bsc#1210327). - commit 2a67cd9 - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1214451 CVE-2023-4459). - commit 070c8ea - kabi/severities: Ignore newly added SRSO mitigation functions - commit 8a99b91 - blacklist.conf: add drivers/net/ethernet/lantiq_etop.c - commit 26afac4 - net: bnx2x: fix variable dereferenced before check (git-fixes). - commit bda0298 - tun: fix bonding active backup with arp monitoring (git-fixes). - commit 60e162e - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - commit 7b40920 - USB: serial: option: add support for VW/Skoda &quot;Carstick LTE&quot; (git-fixes). - commit 7c6d92a - USB: serial: option: add Quectel EM05CN modem (git-fixes). - commit 6429943 - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - commit e6e99a8 - net: tun: fix bugs for oversize packet when napi frags enabled (bsc#1213543 CVE-2023-3812). - commit 6b178d4 - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - commit 533d12f - USB: serial: option: add Quectel EC200U modem (git-fixes). - commit dc34ec6 - USB: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - commit b8ed016 - Refresh patches.suse/USB-serial-option-add-Quectel-EM05-G-modem.patch. - commit df40afb - Refresh patches.suse/USB-serial-option-add-support-for-u-blox-LARA-R6-fam.patch. - commit 13f6793 - USB: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). - commit 7f1436c - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - commit e345bea - x86/srso: Explain the untraining sequences a bit more (git-fixes). - commit 71144e1 - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - commit bf1a2fa - x86/cpu: Cleanup the untrain mess (git-fixes). - commit a6086d7 - xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666 CVE-2023-3772). - commit fa1caab - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - commit 2cfb3ab - x86/cpu: Rename original retbleed methods (git-fixes). - commit 1310fe3 - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - commit e7d0cb6 - x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). - commit ddb54e9 - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). - commit 19c2705 - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). - commit 9b3cb5f - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - commit 3c5d037 - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes). - commit ee484fd - x86/srso: Fix build breakage with the LLVM linker (git-fixes). - commit 87ffd8d - Update config files. Drop the dpt_i2o kernel module. For: jsc#PED-4579, CVE-2023-2007 - commit 55a7a29 - fs: jfs: fix possible NULL pointer dereference in dbFree() (bsc#1214348 CVE-2023-4385). - commit 47225b2 - mkspec: Allow unsupported KMPs (bsc#1214386) - commit 55d8b82 - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - commit 5b41c27 - blacklist.conf: add drivers/net/ethernet/fujitsu/ - commit 3029931 - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1214350 CVE-2023-4387). - commit a117715 - blacklist.conf: kABI - commit d3731cb - patches.suse/btrfs-allow-use-of-global-block-reserve-for-balance-.patch: (bsc#1214335). - commit 22c271f - kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - commit 254b03c - kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. - commit 2c37773 - blacklist.conf: too risky - commit 711552b - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - commit 96d510e - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - commit 759ec87 - xhci-pci: set the dma max_seg_size (git-fixes). - commit fed4fe1 - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - commit 841d8bb - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - commit c04f324 - powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). - commit 4b78272 - bnx2x: fix page fault following EEH recovery (bsc#1214299). - commit 04ecd0c - net/af_unix: fix a data-race in unix_dgram_poll (git-fixes). - commit c65eb1d - udp6: Fix race condition in udp6_sendmsg &amp; connect (git-fixes). - commit 8bfe338 - af_unix: Fix a data race of sk-&gt;sk_receive_queue-&gt;qlen (git-fixes). - commit fa2c287 - af_key: Fix send_acquire race with pfkey_register (git-fixes). - commit f3afa57 - af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-fixes). - commit 67256be - powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. - powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - commit 6c86f9a - blacklist.conf: Add a07db5c08657 sched/core: Fix CPU controller for !RT_GROUP_SCHED - commit dd8fafd - blacklist.conf: Add 354d77930706 sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] - commit 9062495 - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-fixes). - commit 210495b - udp: fix race between close() and udp_abort() (git-fixes). - commit a5be337 - skbuff: fix a data race in skb_queue_len() (git-fixes). - commit 5ea9284 - packet: fix data-race in fanout_flow_is_huge() (git-fixes). - commit 4e14632 - net: icmp: fix data-race in cmp_global_allow() (git-fixes). - Refresh patches.suse/icmp-randomize-the-global-rate-limiter.patch. - commit ac95ea3 - inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes). - commit 80a2ee8 - packet: unconditionally free po-&gt;rollover (git-fixes). - commit b37ed03 - media: usb: siano: Fix warning due to null work_func_t function pointer (bsc#1213969 CVE-2023-4132). - commit 75a6a97 - media: usb: siano: Fix use after free bugs caused by do_submit_urb (bsc#1213969 CVE-2023-4132). - commit 4613c3a - netfilter: nf_conntrack: Fix possible possible crash on module loading (git-fixes). - commit 6f6cadf - blacklist.conf: update blacklist - commit f72ef52 - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - commit 9cd20c4 - fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). - commit f41c2a0 - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (bsc#1214149 CVE-2023-4128). - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (bsc#1214149 CVE-2023-4128). - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (bsc#1214149 CVE-2023-4128). - commit c462108 - Sort latest foray of security patches - Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch. - Refresh patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch. - Refresh patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch. - Refresh patches.suse/x86-srso-add-srso_no-support.patch. - commit 6e04a2d - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157). - commit a759906 - cxgb4: fix use after free bugs caused by circular dependency problem (bsc#1213970 CVE-2023-4133). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - commit 7812c75 - xen/netback: Fix buffer overrun triggered by unusual packet (CVE-2023-34319, XSA-432, bsc#1213546). - commit 3798a75 - Refresh patches.kabi/cpufeatures-kabi-fix.patch. - commit c9296b1 - x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569). - commit 18888c5 - blacklist.conf: (&quot;arm64: Use correct ll/sc atomic constraints&quot;) - commit fe276b3 - blacklist.conf: (&quot;arm64: Avoid redundant type conversions in xchg() and cmpxchg()&quot;) - commit bd2ee86 - bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes) - commit 17e6299 - bpf, arm64: remove prefetch insn in xadd mapping (git-fixes) - commit 07a4057 - arm64: vdso: Fix clock_getres() for CLOCK_REALTIME (git-fixes) - commit ebeacd1 - arm64: Re-enable support for contiguous hugepages (git-fixes) - commit ebd168a - ubifs: fix snprintf() checking (git-fixes). - commit 43c222a - net: tap_open(): set sk_uid from current_fsuid() (CVE-2023-4194 bsc#1214019). - net: tun_chr_open(): set sk_uid from current_fsuid() (CVE-2023-4194 bsc#1214019). - commit 82ba5a9 - tracing: Fix warning in trace_buffered_event_disable() (git-fixes). - commit d93f525 - ring-buffer: Fix wrong stat of cpu_buffer-&gt;read (git-fixes). - commit 0dc7589 - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - commit 90060d8 - nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). - commit 8542ece - scripts/lib/SUSE/MyBS.pm: avoid i586 from factory also under openSUSE.org When one uses openSUSE.org: prefix as an IBS project, exclude openSUSE:Factory's i586 too. (And use LEGACYX86 instead.) - commit fef5d5e - Update config files. - Refresh patches.suse/x86-srso-add-srso_no-support.patch. Ensure SRSO is always built and also ensure that msr interception works correctly when writing to PRED_CMD msr with the SRSO_NO capability present. - commit c88c60d - patches.kabi/cpufeatures-kabi-fix.patch: (bsc#1213287, CVE-2023-20569). x86 bug bits alias into cap bits. However with the introduction of the kABI fix for CPUID bits bug and cap ints need to be handled separately. - commit 335c50e - s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912). - commit dee4f50 - s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes bsc#1213911). - commit 5c3c506 - s390/cpum_sf: Check for SDBT and SDB consistency (git-fixes bsc#1213910). - commit b02a979 - s390/cpum_sf: Avoid SBD overflow condition in irq handler (git-fixes bsc#1213908). - commit a9dbd12 - s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906). - commit c4dc11f - s390/smp: fix physical to logical CPU map for SMT (git-fixes bsc#1213904). - commit 8c91a3b - blacklist.conf: cleanup commit - commit 4d18b38 - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - commit d1428d0 - blacklist.conf: This is a feature - commit 99bb16b - s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899). - commit c684264 - kabi fix test - commit 87ce69f - bpf: add missing header file include (bsc#1211738 CVE-2023-0459). - commit ca4ea63 - s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits (git-fixes bsc#1213827). - commit 8ee8817 - s390/maccess: add no DAT mode to kernel_write (git-fixes bsc#1213825). - commit bab3d2c - vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev (git-fixes bsc#1213823). - commit 60eb99d - vfio-ccw: Prevent quiesce function going into an infinite loop (git-fixes bsc#1213819). - commit 123e763 - Update patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports (git-fixes bsc#1202670). - commit dacbbc4 - Update patches.suse/s390-dasd-fix-no-record-found-for-raw_track_access.patch (git-fixes bsc#1212266 bsc#1207528). - commit ae7fc88 - blacklist.conf: build warnings only - commit 6609aaf - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - commit 5a43e28 - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - commit d8748d6 - blacklist.conf: kABI - commit 2515e35 - blacklist.conf: kABI - commit ec2e2d5 - blacklist.conf: kABI - commit d01b20b - blacklist.conf: irrelevant because you are not to do upstream development with a SLE12 kernel - commit 1dcedba - blacklist.conf: irrelevant build fix - commit db201cc - blacklist.conf: irrelevant build fix - commit ef696c2 - blacklist.conf: irrelevant build fix - commit e324526 - blacklist.conf: irrelevant build fix - commit 280f872 - livepatch: check kzalloc return values (git-fixes). - commit c090f07 - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - commit b6531dc - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - commit 6c6da5a - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - commit 95a2d87 - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - commit cededae - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - commit cc5a462 - s390/numa: move initial setup of node_to_cpumask_map (git-fixes bsc#1213766). - commit 44aa432 - net/sched: cls_u32: Fix reference counter leak leading to overflow (CVE-2023-3609 bsc#1213586). - commit a166dc2 - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - commit fb88881 - blacklist.conf: triggers kABI check (bsc#1213350) - commit c36a4a3 - blacklist.conf: just a cleanup that doesn't fix anything - commit bef0bce - blacklist.conf: a fix for never packported patch - commit e2e42cd - Fix double fget() in vhost_net_set_backend() (git-fixes). - commit e283c32 - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (git-fixes). - commit 6e93d45 - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776 bsc#1213588). - commit 0349f73 - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (CVE-2023-3611 bsc#1213585). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - blacklist follow-up commit 158810b261d0 (&quot;net/sched: sch_qfq: reintroduce lmax bound check for MTU&quot;) as unlike the original upstream commit, our backport does not remove the check - commit 5488c28 - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - commit 8780cf7 - virtio_ring: Fix querying of maximum DMA mapping size for virtio device (git-fixes). - commit 8dacd2d - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - commit 2a64a7c - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - commit 9757e32 - vhost_net: fix OoB on sendmsg() failure (git-fixes). - commit 88459d6 - x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569). - commit 14120fa - vringh: Use wiov-&gt;used to check for read/write desc order (git-fixes). - commit 6df31aa - x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569). - commit 373f015 - x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569). - commit 447a133 - x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569). - commit 8553516 - vhost: Fix the calculation in vhost_overflow() (git-fixes). - commit 53b92b7 - Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch. Remove the patch due to causing bsc#1213705. - commit 3f5780d - x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569). - commit 52998d3 - virtio: Improve vq-&gt;broken access to avoid any compiler optimization (git-fixes). - commit e78eee9 - virtio_net: Fix error handling in virtnet_restore() (git-fixes). - commit 6e0d3eb - x86: Sanitize linker script (bsc#1213287, CVE-2023-20569). - commit 631311e - x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569). - commit 00b523c - vringh: fix __vringh_iov() when riov and wiov are different (git-fixes). - commit fc76995 - x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569). - commit ef43cae - vhost/vsock: fix packet delivery order to monitoring devices (git-fixes). - commit 23364e7 - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - commit ccb6c62 - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - commit f23fa07 - virtio-balloon: fix managed page counts when migrating pages between zones (git-fixes). - commit 5ada11d - vhost/vsock: split packets to send using multiple buffers (git-fixes). - commit e3832ce - vhost/test: fix build for vhost test (git-fixes). - commit 1e9d49e - vsock/virtio: stop workers during the .remove() (git-fixes). - commit 1f19f2b - vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock (git-fixes). - commit a525dd1 - kernel-binary.spec.in: Remove superfluous %% in Supplements Fixes: 02b7735e0caf (&quot;rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs&quot;) - commit 264db74 - vhost_net: disable zerocopy by default (git-fixes). - commit 05e0782 - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - commit 2f31c71 - scripts/CKC: mark local variables as such The default global and dynamic scope nature of bash variables is causing some race conditions. For example, missing hashes are sometimes printed and sometimes not, depending on what is found in $missing variable. For loops and functions are polluting global namespace with outdated state that is being picked up on their next run. We should religiously mark local variables as such unless we want to explicity do global store. - commit 34619f5 - git_sort: netdev remotes switched from master to main branch - commit 3544134 - s390/cio: check the subchannel validity for dev_busid (bsc#1207526). - commit 512a26a - s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1207526). - commit ff8d9d4 - s390/cio: introduce io_subchannel_type (bsc#1207526). - Refresh patches.suse/s390-cio-generate-delayed-uevent-for-vfio-ccw-subchannels. - commit c7d1471 - vc_screen: don't clobber return value in vcs_read (bsc#1213167 CVE-2023-3567). - vc_screen: modify vcs_size() handling in vcs_read() (bsc#1213167 CVE-2023-3567). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (bsc#1213167 CVE-2023-3567). - commit d1352c9 - x86/microcode/AMD: Make stub function static inline (bsc#1213286, CVE-2023-20593) Refresh patches.suse/x86-cpu-amd-add-a-zenbleed-fix.patch. - commit 78a62d1 - svcrdma: Prevent page release when nothing was received (git-fixes). - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - SUNRPC: remove the maximum number of retries in call_bind_status (git-fixes). - NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes). - commit 2c4e751 - blacklist.conf: added drbd git-fix to ignore - commit c682535 - blacklist.conf: Add a not-relevant ftrace fix - commit 95f476b - ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). - commit 2ca6140 - rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage - commit ec82ffc - README.BRANCH: Add myself as co-maintainer - commit 432c0e5 - KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982). - commit 363876a - x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982). - commit 89ac44a - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (CVE-2023-35001 bsc#1213059). - commit 846f417 - fuse: revalidate: don't invalidate if interrupted (bsc#1213525). - commit d6449dc - uaccess: Add speculation barrier to copy_from_user() (bsc#1211738 CVE-2023-0459). - commit 8370997 - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - commit 2b3e0de - ocfs2: check new file size on fallocate call (git-fixes). - commit 39f6614 - x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593). - commit 9c7bbf1 - x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593). - commit 06feaef - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - commit 722987b - blacklist.conf: risk of regression - commit 77e520e - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - commit 5e781fe - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - commit a5c215c - blacklist.conf: kABI - commit 272efb8 - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - commit a3f4bd9 - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - commit 0683869 - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc/64: Update Speculation_Store_Bypass in /proc/&lt;pid&gt;/status (bsc#1188885 ltc#193722 git-fixes). - commit c14b3fc - Refresh patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch. - commit ed0f049 - Refresh patches.suse/cifs-split-out-ses-and-tcon-retrieval-from-mount_get_conns-.patch. - Refresh patches.suse/cifs-support-nested-dfs-links-over-reconnect.patch. Fix backport of patches.suse/cifs-support-nested-dfs-links-over-reconnect.patch (bsc#1212871) - commit 3f2dafd - blacklist.conf: fix for patch that is not included - commit 8426871 - s390/perf: Return error when debug_register fails (git-fixes bsc#1212657). - commit 0fcfe58 - Update patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch (bsc#1087082 CVE-2018-3639 bsc#1207561). - commit cdd6858 - Update patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch (bsc#1087082 CVE-2018-3639 bsc#1207561). - commit 35a0609 - rpm: Update dependency to match current kmod. - commit d687dc3 - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - commit 8095fd4 - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - commit 6c36377 - uas: ignore UAS for Thinkplus chips (git-fixes). - commit 6536763 - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - commit 454dfcf - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - commit 49cc350 - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - commit 9d12426 - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - commit ec30965 - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - Refresh patches.suse/usb-core-hub-disable-autosuspend-for-TI-TUSB8041.patch. - commit 3ec99e4 - x86/speculation/mmio: Print SMT warning (git-fixes). - commit 304caaa - x86: Fix return value of __setup handlers (git-fixes). - commit 53fc9a6 - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - commit 873671b - x86/cpu: Load microcode during restore_processor_state() (git-fixes). - commit e7bd394 - x86/bugs: Remove apostrophe typo (git-fixes). - commit 972a8b3 - x86/bugs: Enable STIBP for JMP2RET (git-fixes). - Refresh patches.suse/x86-bugs-enable-stibp-for-ibpb-mitigated-retbleed.patch. - commit c8acef1 - x86/bugs: Warn when &quot;ibrs&quot; mitigation is selected on Enhanced IBRS parts (git-fixes). - commit ba92ee5 - blacklist.conf: cosmetic change - commit 4490310 - s390: limit brk randomization to 32MB (git-fixes bsc#1213346). - commit 99a7771 - s390/perf: Change CPUM_CF return code in event init function (git-fixes bsc#1213344). - commit 8991783 - git_sort: Add OF fixes branch. - commit 2b00b1d - blacklist.conf: cleanup designed to break kABI - commit 9af40cb - net: mana: Add support for vlan tagging (bsc#1212301). - commit 9f17643 - s390/dasd: fix memleak in path handling error case (git-fixes bsc#1213221). - commit d16f3d6 - vfio-ccw: Do not call flush_workqueue while holding the spinlock (git-fixes bsc#1213218). - commit 99ea851 - vfio-ccw: fence off transport mode (git-fixes bsc#1213215). - commit 09eec4a - blacklist.conf: license change - commit 092eb89 - btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1213133). - commit 9143ce4 - fs: hfsplus: fix UAF issue in hfsplus_put_super (bsc#1211867, CVE-2023-2985). - commit 0939c1b - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - commit 3699a6e - Update metadata - commit 4f06ed0 - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - commit 1007103 - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - commit 49e2ec1 - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size &lt;= alloc, size (bsc#1210584). - commit 4331e8e - scripts/gitlog2changes: Handle SSH signatures Commit a384f306f91 (Fix parsing of GPG-signed commit) added the ability to handle lines beginning with gpgsig but only added the check for the PGP signatures. It would mark the state as being within a signature and not print anything and get stuck in that state because the check was only looking for PGP and not SSH signatures like the ones used in the repo. - commit 98cedc3 - blacklist.conf: Blacklist a408f33e895e4 - commit 6fc7467 - include/trace/events/writeback.h: fix -Wstringop-truncation warnings (bsc#1213023). - blacklist.conf: Remove commit d1a445d3b8 from blacklist - patches.suse/writeback-Fix-sync-livelock-due-to-b_dirty_time-proc.patch: Refresh - commit 4c9bb20 - lib/string: Add strscpy_pad() function (bsc#1213023). - commit 3c00676 - fs: fix guard_bio_eod to check for real EOD errors (bsc#1213042). - commit a1e013d - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - commit 7ebedbc - udf: Do not update file length for failed writes to inline files (bsc#1213041). - commit 18b4c06 - udf: Do not bother merging very long extents (bsc#1213040). - commit b8138fe - udf: Truncate added extents on failed expansion (bsc#1213039). - commit edadd0d - udf: Define EFSCORRUPTED error code (bsc#1213038). - commit b1ce7bf - udf: Fix extending file within last block (bsc#1213037). - commit 43eaf71 - udf: Discard preallocation before extending file with a hole (bsc#1213036). - commit d6c23d6 - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - commit 4ee0c8f - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - commit 4ad4e85 - udf: Drop unused arguments of udf_delete_aext() (bsc#1213033). - commit 1a487a5 - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - commit c1551d1 - inotify: Avoid reporting event with invalid wd (bsc#1213025). - commit 1b40fc6 - writeback: fix call of incorrect macro (bsc#1213024). - commit be6c80a - memcg: fix a crash in wb_workfn when a device disappears (bsc#1213023). Refresh patches.suse/writeback-Fix-sync-livelock-due-to-b_dirty_time-proc.patch - commit ab66f3a - blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration (bsc#1213022). - commit deeb8e8 - blacklist.conf: Blacklist 12e0613715e1 - commit 0f8099a - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - commit e4bb61c - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - commit 39e60c2 - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - commit 9a3a64e - blacklist.conf: Blacklist dea9d8f7643f - commit 2a0b76b - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - commit e0aebad - blacklist.conf: Blacklist 2220eaf90992 - commit 0a7a059 - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - commit 0d0eede - blacklist.conf: Blacklist aff3bea95388 - commit 4c5264c - blacklist.conf: Blacklist 4f04351888a8 - commit 15cda77 - blacklist.conf: Blacklist b87c7cdf2bed - commit 2eafae9 - blacklist.conf: Blacklist 463808f237cf - commit 6d6f5a5 - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - commit 7b579a0 - jdb2: Don't refuse invalidation of already invalidated buffers (bsc#1213014). - commit 0c38716 - blacklist.conf: Blacklist 93cdf49f6eca - commit 725de91 - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - commit 1c940cb - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - commit c52c259 - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - commit 5819fe4 - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - commit c039f47 - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - commit dd448da - blacklist.conf: Blacklist 0813299c586b - commit bd6a717 - blacklist.conf: Blacklist 0f7bfd6f8164 - commit 2a94ded - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - commit 630fe8f - blacklist.conf: Blacklist e4db04f7d3db, 1e9d62d25281, f31173c19901 - commit 77a2527 - blacklist.conf: Blacklist cc12a6f25e07 - commit 3c8b58f - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - commit 9e6d432 - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - commit b8cc1a5 - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - commit cb6b593 - igb: revert rtnl_lock() that causes deadlock (git-fixes). - Refresh patches.suse/igb-Enable-SR-IOV-after-reinit.patch. - commit e174406 - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - commit ba06019 - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - commit af66625 - dlm: fix missing lkb refcount handling (git-fixes). - commit 1fdc07a - dlm: fix plock invalid read (git-fixes). - commit 5846a6b - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - commit 70cf60c - fs: dlm: fix memory leak when fenced (git-fixes). - commit d603d38 - fs: dlm: cancel work sync othercon (git-fixes). - commit ae6c300 - fs: dlm: fix debugfs dump (git-fixes). - commit 93164bc - fs: dlm: fix configfs memory leak (git-fixes). - commit afdd8b1 - dlm: fix invalid cluster name warning (git-fixes). - commit a02356b - dlm: NULL check before kmem_cache_destroy is not needed (git-fixes). - commit 7f3aa73 - dlm: fix missing idr_destroy for recover_idr (git-fixes). - commit 5d97801 - dlm: fix possible call to kfree() for non-initialized pointer (git-fixes). - commit 52d34af - dlm: Delete an unnecessary variable initialisation in dlm_ls_start() (git-fixes). - commit 8663a16 - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - commit 349d51a - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - commit f7cb6ba - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - commit ffba993 - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - commit cccc3e5 - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - commit 859359e - jbd2: fix assertion 'jh-&gt;b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - commit e85fc79 - blacklist.conf: Blacklist 310c097c2bdb - commit 522a9c3 - fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990). Refresh patches.suse/ext4-fix-error-code-in-ext4_commit_super.patch - commit daeb235 - jbd2: abort journal if free a async write error metadata buffer (bsc#1212989). - commit 5f2b1c4 - jbd2: fix data races at struct journal_head (bsc#1173438). - commit 7c8dc88 - blacklist.conf: Blacklist 24dc9864914e - commit b656355 - jbd2: Fix statistics for the number of logged blocks (bsc#1212988). - commit 9de4b16 - jbd2: fix invalid descriptor block checksum (bsc#1212987). - commit 8705ef8 - jbd2: fix race when writing superblock (bsc#1212986). - commit 6256642 - blacklist.conf: Add 6f363f5aa845 cgroup: Do not corrupt task iteration when rebinding subsystem - commit e6c7d2e - patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch: (bsc#1212051). - commit f5c0b6d - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212938). - commit e731236 - Remove more packaging cruft for SLE &lt; 12 SP3 - commit a16781c - Get module prefix from kmod (bsc#1212835). - commit f6691b0 - scripts/CKC: for hashes, check even the base kernel Thanks to Michal Koutný (mkoutny@suse.com) for the review. - commit ec71870 - blacklist.conf: gcc 12 issue - commit 612c29c - blacklist.conf: cosmetic fix to suppress a compiler warning - commit f46848d - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - commit 86b52c1 - fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() (git-fixes). - commit ea30d59 - fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() (git-fixes). - commit 4a538d4 - ocfs2: fix non-auto defrag path not working issue (git-fixes). - commit 28a9871 - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - commit 190f99a - ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes). - commit ac6dbde - ocfs2: clear dinode links count in case of error (git-fixes). - commit f1a97d4 - ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes). - commit e11f180 - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (git-fixes). - commit 70db5f3 - ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() (git-fixes). - commit f3e26c1 - ocfs2: call journal flush to mark journal as empty after journal recovery when mount (git-fixes). - commit d5a28a3 - ocfs2: clear zero in unaligned direct IO (git-fixes). - commit 4189b4d - ocfs2: wait for recovering done after direct unlock request (git-fixes). - commit b3e22bb - ocfs2: remove set but not used variable 'last_hash' (git-fixes). - commit d403713 - ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes). - commit b701b96 - ocfs2: don't clear bh uptodate for block read (git-fixes). - commit 30ca2be - ocfs2: clear journal dirty flag after shutdown journal (git-fixes). - commit ccfe523 - ocfs2: fix panic due to unrecovered local alloc (git-fixes). - commit 007a17f - ocfs2: fix potential use after free (git-fixes). - commit 49406d3 - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes). - commit f258e7d - ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes). - commit 01bc1d8 - ocfs2: don't put and assigning null to bh allocated outside (git-fixes). - commit 760bd24 - fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() (git-fixes). - commit 01c2b72 - ocfs2: take inode cluster lock before moving reflinked inode from orphan dir (git-fixes). - commit 7e1768a - ocfs2/dlm: don't handle migrate lockres if already in shutdown (git-fixes). - commit 04cf6d0 - usrmerge: Adjust module path in the kernel sources (bsc#1212835). With the module path adjustment applied as source patch only ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to non-usrmerged. - commit dd9a820 - ipvlan:Fix out-of-bounds caused by unclear skb-&gt;cb (bsc#1212842 CVE-2023-3090). - commit bd94484 - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111). - commit 6726801 - scripts/CKC: it doesn't make sense to see the last $term List all the misssing ${term}s - commit deb970b - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - commit 95a40a6 - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - commit 35c8c33 - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - commit a744c64 - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes bsc#1212606 CVE-2023-3358). - commit 448bfe3 - igb: fix nvm.ops.read() error handling (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - igb: fix bit_shift to be in [1..8] range (git-fixes). - ixgbe: Enable setting RSS table to default values (git-fixes). - ixgbe: Allow flow hash to be set via ethtool (git-fixes). - bnxt_en: Fix typo in PCI id to device description string mapping (git-fixes). - igbvf: Regard vf reset nack as success (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (git-fixes). - igb: Enable SR-IOV after reinit (git-fixes). - bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes). - ixgbe: fix pci device refcount leak (git-fixes). - igb: Initialize mailbox message for VF reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (git-fixes). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (git-fixes). - igb: Add lock to avoid data race (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - dim: initialize all struct fields (bsc#1174852). - ixgbe: ensure IPsec VF&lt;-&gt;PF compatibility (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). - igbvf: fix double free in `igbvf_probe` (git-fixes). - igb: fix netpoll exit with traffic (git-fixes). - commit 34bf378 - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1212701). - commit 207c27c - blacklist.conf: Add 3f5f766d5f7f powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06 - commit 1a3b374 - sched/core: Use smp_mb() in wake_woken_function() (git-fixes) - commit 5df8049 - sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes) - commit 828ccf7 - net: ks8851: Dequeue RX packets explicitly (git-fixes). - commit fe5ef52 - net: dev: Use unsigned integer as an argument to left-shift (git-fixes). - commit 0bf77d3 - net: set static variable an initial value in atl2_probe() (git-fixes). - commit 08dc41f - net: thunderx: make CFG_DONE message to run through generic send-ack sequence (git-fixes). - commit dbc5a3f - net: marvell: mvneta: fix DMA debug warning (git-fixes). - commit c48f8b1 - l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file (git-fixes). - commit b182fac - l2tp: hold reference on tunnels printed in pppol2tp proc file (git-fixes). - commit 1f7ac1f - l2tp: hold reference on tunnels in netlink dumps (git-fixes). - commit 9be2a0f - ipv4: fix uninit-value in ip_route_output_key_hash_rcu() (git-fixes). - Refresh patches.suse/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch. - commit ea68726 - netlabel: If PF_INET6, check sk_buff ip header version (git-fixes). - commit 058c41d - blacklist.conf: renaming device - commit 9dfee21 - blacklist.conf: cleanup; another dead reference - commit 735761f - blacklist.conf: kABI breakage; does not fix any bug - commit 1276dc0 - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - commit 539dc8d - put quirk_disable_autosuspend into a hole (git-fixes). - commit d42a632 - USB: hub: Fix the broken detection of USB3 device in SMSC hub (git-fixes). - blacklist.conf: patch itself is useless, but needed as infrastructure - commit f4a7f78 - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - commit d8d554b - netfilter: x_tables: add and use xt_check_proc_name (git-fixes). - commit a579604 - blacklist.conf: update blacklist - commit 1b6a52d - s390/dasd: Use correct lock while counting channel queue length (LTC#202775 bsc#1212443). - commit c2ba548 - binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). - commit 6550df3 - relayfs: fix out-of-bounds access in relay_file_read (bsc#1212502 CVE-2023-3268). - kernel/relay.c: fix read_pos error when multiple readers (bsc#1212502 CVE-2023-3268). - commit f9dadc6 - bluetooth: Perform careful capability checks in hci_sock_ioctl() (bsc#1210533 CVE-2023-2002). - commit cb9bcb2 - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824). - commit a511fea - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - commit 261c02b - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Correct NVM checksum verification flow (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx4_en: Don't allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - mlx5: count all link events (git-fixes). - commit 084d4cc - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - commit 9ede6f6 - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - commit 0f174b4 - blacklist.conf: Add not needed kprobes fixes - commit 9c2f070 - kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic (git-fixes). - commit 36f829b - coda: fix build using bare-metal toolchain (git-fixes). - commit 2df3146 - coda: add error handling for fget (git-fixes). - commit c092001 - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers (git-fixes). - commit 074a075 - coda: pass the host file in vma-&gt;vm_file on mmap (git-fixes). - commit 728d4d8 - revert &quot;squashfs: harden sanity check in squashfs_read_xattr_id_table&quot; (git-fixes). - commit fc7c6f6 - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - commit e8ee0dd - affs: initialize fsdata in affs_truncate() (git-fixes). - commit f9e83d6 - fs/affs: release old buffer head on error path (git-fixes). - commit b0b572b - fs/ufs: avoid potential u32 multiplication overflow (git-fixes). - commit a84c265 - fs/adfs: super: fix use-after-free bug (git-fixes). - commit 02200da - Drop a buggy dvb-core fix patch (bsc#1205758) Also the kabi workaround is dropped, too - commit 34f0c8e - README.BRANCH: Add Miroslav Franc as a co-maintainer - commit e545474 - README.BRANCH: Update the maintainer list - commit 65a6ad8 - scripts/osc_wrapper: remove useless variable We went over the code with Michal Koutný &lt;mkoutny@suse.com&gt; and concluded that &quot;arch&quot; isn't used anywhere. - commit 0b62dc0 - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - commit c5df526 - blacklist.conf: removes exported symbol - commit 39cf0dc - blacklist.conf: add git-fix not needed - commit 50851fb - kprobes: Prohibit probes in gate area (git-fixes). - commit 4a73d55 - kprobes: don't call disarm_kprobe() for disabled kprobes (git-fixes). - commit 5cbfb40 - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - commit 667fe1b - samples/kretprobes: Fix return value if register_kretprobe() failed (git-fixes). - commit 5b1b600 - kprobes: Do not use local variable when creating debugfs file (git-fixes). - commit 7286e91 - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller. - commit b40a0f8 - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - commit ab28954 - kretprobe: Avoid re-registration of the same kretprobe earlier (git-fixes). - commit c2cc176 - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - commit 3561afe - blacklist.conf: relevant only for kernel development - commit 99f403c - blacklist.conf: relevant only for kernel development - commit 9c92369 - blacklist.conf: build fix irrelevant for us - commit b9a3ab1 - blacklist.conf: build fix irrelevant for us - commit 2f6b7fd - blacklist.conf: only for kernel development - commit cf47010 - blacklist.conf: relevant only for kernel development - commit 1370701 - blacklist.conf: relevant only for kernel development - commit f1f85a4 - blacklist.conf: unneeded build fix - commit c531cca - blacklist.conf: relevant only for kbuild irrelevant in the build system - commit 1faed4b - scripts/bugzilla: Add heuristics for version selection Product versions are not sorted chronologically (fun fact: in SLE12-SP5 lexicographical sort equaled chronological). The script workload doesn't care about exact version, so use heuristics of a '*Maint-Upd' maintenance update and fall back to 'unspecified' if available. The goal is to supply a version that allows opening a new bug. When the script needs to be used with finer version granularity, it must be modified. - commit 2b30313 - scripts/bugzilla: Hide version filter behind cmdline option - commit 258aa7f - scripts/bugzilla: Add graceful handling of versionless products - commit 4427add - Revert &quot;scripts/bugzilla-create: skip 'unspecified' version&quot; This reverts commit d7a9adc850b0581b1852117e194ee7307d25abc5. It turns out some products have only a single version 'unspecified' (e.g. &quot;SUSE Linux Enterprise Server 12 SP5&quot;) and BZ CLI cannot open bugs for them. In retrospect, the commit 9921a2ad677 (&quot;scripts/bugzilla: report only active versions&quot;) is true fix for impossibility to file bugs on 'unspecied' version (hypothesis by Miroslav Franc &lt;mfranc@suse.cz&gt;), so we don't need to filter it out. - commit ca91488 - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - commit 77940f3 - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - commit f08285c - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex (git-fixes). - commit 64b09f1 - kprobes: Set unoptimized flag after unoptimizing code (git-fixes). - commit e2d065d - kprobes: Prohibit probing on BUG() and WARN() address (git-fixes). - commit 0a4ad8b - kprobes: Fix error check when reusing optimized probes (git-fixes). - commit 11aecb3 - kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe() (git-fixes). - Refresh patches.suse/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch. - commit 1fb5f11 - kprobes: Don't call BUG_ON() if there is a kprobe in use on free list (git-fixes). - commit e0562e5 - kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y (git-fixes). - commit 32c4978 - blacklist.conf: Add more powerpc unsupported platform paths - commit 80240fd - s390/dasd: fix no record found for raw_track_access (git-fixes bsc#1212266). - commit 9377e38 - blacklist.conf: just a cleanup, potential dead reference won't break anything - commit ae3248a - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (git-fixes). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: ses: Don't attach if enclosure has no components (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - commit 9bcdcf3 - s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244). - commit e08fb9a - CDC-NCM: avoid overflow in sanity checking (git-fixes). - commit c5a973e - net: fec: fix rare tx timeout (git-fixes). - commit 8adec9a - net: macb: Clean 64b dma addresses if they are not detected (git-fixes). - commit 889275f - scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger (git-fixes bsc#1212240). - commit eb171ad - openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS (git-fixes). - commit 444e066 - net: fix warning in af_unix (git-fixes). - commit a389e79 - blacklist.conf: blacklist MDIO_BCM_UNIMAC - commit 62fb3cf - s390/smsgiucv: disable SMSG on module unload (git-fixes bsc#1212236). - commit 1cef259 - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - commit e119b8c - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - commit cb1afd9 - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (git-fixes). - commit 413544a - net: cdc_ncm: remove set but not used variable 'ctx' (git-fixes). - commit 0867b66 - blacklist.conf: update blacklist - commit 7a1167e - net/usb/drivers: Remove useless hrtimer_active check (git-fixes). - commit 5dc6e54 - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - commit d94e079 - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1212185). - commit 4d63d84 - fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154). - commit 481687d - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1212175). - commit 8055c39 - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1212173). - commit bb085e1 - Move setting %%build_html to config.sh - commit 647b21a - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1212170). - commit 21760dd - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - commit 09f5a59 - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - commit 78ee867 - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - commit 006d643 - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - commit 4693a49 - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - commit 6189e17 - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - commit 3226ad8 - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1212167). - commit 94cf46f - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - commit 5986c8d - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - commit f70b4c6 - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - commit 1caaab9 - hfs: add lock nesting notation to hfs_find_init (git-fixes). - commit 37dff28 - hfs: fix high memory mapping in hfs_bnode_read (git-fixes). - commit ae9031e - hfs: add missing clean-up in hfs_fill_super (git-fixes). - commit cc1fbe6 - hfsplus: fix crash and filesystem corruption when deleting files (git-fixes). - commit 3526c58 - fs/hfs/extent.c: fix array out of bounds read of array extent (git-fixes). - commit 5ff3c8a - hfs: update timestamp on truncate() (git-fixes). - commit f4e5f42 - hfsplus: update timestamps on truncate() (git-fixes). - commit 5f7a4bc - hfs: fix return value of hfs_get_block() (git-fixes). - commit aa4ce83 - hfsplus: fix return value of hfsplus_get_block() (git-fixes). - commit 1500cd0 - hfs: prevent btree data loss on ENOSPC (git-fixes). - commit b6da074 - hfsplus: prevent btree data loss on ENOSPC (git-fixes). - commit efe705c - hfs: fix BUG on bnode parent update (git-fixes). - commit e3129f2 - hfsplus: fix BUG on bnode parent update (git-fixes). - commit ecc193f - sysv: use BUILD_BUG_ON instead of runtime check (git-fixes). - commit 33448c7 - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - commit 381baa2 - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - commit 894cdec - reiserfs: check directory items on read from disk (git-fixes). - commit c73d26d - reiserfs: add check for root_inode in reiserfs_fill_super (git-fixes). - commit 0112af8 - reiserfs: add check for invalid 1st journal block (git-fixes). - commit 9fe53c4 - reiserfs: only call unlock_new_inode() if I_NEW (git-fixes). - commit fdc0c7c - reiserfs: Fix memory leak in reiserfs_parse_options() (git-fixes). - commit eda67ce - reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() (git-fixes). - commit 922f823 - reiserfs: propagate errors from fill_with_dentries() properly (git-fixes). - commit 529b15f - reiserfs: change j_timestamp type to time64_t (git-fixes). - commit 982e84f - memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449). - commit 77b88e9 - firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128). - commit f62d406 - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1212165). - commit 2203987 - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1212164). - commit e732a7c - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - commit 7ebcbd5 - Refresh patches.suse/0001-mm-mempolicy-make-mbind-return-EIO-when-MPOL_MF_STRI.patch. fix the second instance of incorrect MPOL_MF_STRICT check. - commit 47debde - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - commit dd4da3b - Refresh patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch. Delete also the out: label. Upstream still has users for that label. Unlike we. Fixes: drivers/char/ipmi/ipmi_msghandler.c:5366:1: error: label ‘out’ defined but not used - commit 05b72bb - wcn36xx: Fix max channels retrieval (gcc-warning-fixes). Fixes: drivers/net/wireless/ath/wcn36xx/smd.c: In function ‘wcn36xx_smd_update_channel_list’: ./include/linux/kernel.h:785:12: error: large integer implicitly truncated to unsigned type - commit 6bbb096 - Refresh patches.suse/btrfs-remove-nr_async_submits-and-async_submit_draining.patch. Fix compiler warning: fs/btrfs/disk-io.c:815:6: error: unused variable ‘limit’ The upstream patch removes 'limit' too, so follow that up. - commit 45d33ba - Refresh patches.suse/0001-memcg-kmem-further-deprecate-kmem.limit_in_bytes.patch. Drop memcg_update_kmem_limit() as it is unused now and the compiler complains: mm/memcontrol.c:2972:12: error: ‘memcg_update_kmem_limit’ defined but not used This is done in the upstream patch too. - commit 660e644 - Move setting %%split_optional to config.sh - commit 8b0828d - Refresh patches.suse/0001-mm-mempolicy-make-mbind-return-EIO-when-MPOL_MF_STRI.patch. Fix the MPOL_MF_STRICT condition (noticed by Jiri Slaby) - commit b6b86f2 - Move setting %%supported_modules_check to config.sh - commit 494d3df - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - PCI/MSI: Mask MSI-X vectors only on success (git-fixes). - PCI/MSI: Destroy sysfs before freeing entries (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - commit fd8f739 - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - commit 799f050 - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (git-fixes). - Refresh patches.suse/PCI-aardvark-Fix-PCIe-Max-Payload-Size-setting.patch. - blacklist.conf: remove it from there While it's a cleanup, it's a prerequisite for the following patches. - commit 4ef2916 - blacklist.conf: add some PCI git-fixes - commit dcca97f - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - commit 334fb4d - net: hisilicon: Fix &quot;Trying to free already-free IRQ&quot; (git-fixes). - commit 997c2f2 - qed: Add cleanup in qed_slowpath_start() (git-fixes). - commit 912dd32 - net: myri10ge: fix memory leaks (git-fixes). - commit 47340d2 - cxgb4: fix a memory leak bug (git-fixes). - commit 3c000ae - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' (git-fixes). - commit e158810 - net/ethernet/qlogic/qed: force the string buffer NULL-terminated (git-fixes). - commit 4ba9e6b - qed: RDMA - Fix the hw_ver returned in device attributes (git-fixes). - commit 410eb8e - blacklist.conf: update blacklist - commit 2c3f74d - ixgbe: Check DDM existence in transceiver before access (git-fixes). - commit 510e134 - net: axienet: Fix race condition causing TX hang (git-fixes). - commit e7cf2ee - bnx2x: Check if transceiver implements DDM before access (git-fixes). - commit c586a4b - sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) - commit 6b28935 - Also include kernel-docs build requirements for ALP - commit 114d088 - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - commit 4d81125 - Avoid unsuported tar parameter on SLE12 - commit 2b8c97b - usb: xhci: rework grace period logic (git-fixes). - commit 0d7b2a3 - xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). - commit 7c3b440 - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - commit 016bc55 - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - commit 08819bb - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - commit ad0e3ea - Generalize kernel-doc build requirements. - commit 23b058f - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - commit 8ad6a28 - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Fix spelling mistake &quot;droping&quot; -&gt; &quot;dropping&quot; (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - commit cda49a1 - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - commit e7f1d31 - net: stmmac: don't log oversized frames (git-fixes). - commit 02a1ae5 - net: stmmac: fix dropping of multi-descriptor RX frames (git-fixes). - commit 0c5e8a5 - bonding: show full hw address in sysfs for slave entries (git-fixes). - commit 4640084 - net: ibm: fix possible object reference leak (git-fixes). - commit 2cab0bb - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (git-fixes). - commit 1cfa1c0 - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (git-fixes). - commit 82bd47b - sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe (git-fixes). - commit 17c6719 - net: altera_tse: fix connect_local_phy error path (git-fixes). - commit da2fa27 - blacklist.conf: add FSL_UCC_HDLC - commit cbbd4dd - net/mlx4_core: Fix return codes of unsupported operations (git-fixes). - commit b2c5ba8 - vrf: mark skb for multicast or link-local as enslaved to VRF (git-fixes). - commit 9630bdb - net: dsa: bcm_sf2: Turn on PHY to allow successful registration (git-fixes). - commit 00680d2 - net: netxen: fix a missing check and an uninitialized use (git-fixes). - commit 76249f8 - net: hisilicon: remove unexpected free_netdev (git-fixes). - commit fc72200 - net: amd: add missing of_node_put() (git-fixes). - commit 72cfaff - blacklist.conf: add faraday network driver - commit 8453351 - net: faraday: fix return type of ndo_start_xmit function (git-fixes). - commit 079382e - net: smsc: fix return type of ndo_start_xmit function (git-fixes). - commit 56bd9aa - net: micrel: fix return type of ndo_start_xmit function (git-fixes). - commit 96160a1 - net: sun: fix return type of ndo_start_xmit function (git-fixes). - commit 59f94b5 - net: broadcom: fix return type of ndo_start_xmit function (git-fixes). - commit 77fb78e - net: xilinx: fix return type of ndo_start_xmit function (git-fixes). - commit 80ef560 - net: toshiba: fix return type of ndo_start_xmit function (git-fixes). - commit dbdb0d6 - net: hns3: fix return type of ndo_start_xmit function (git-fixes). - commit 5ba4bbc - net: qla3xxx: Remove overflowing shift statement (git-fixes). - commit 7055766 - blacklist.conf: update blacklist - commit 804cac4 - blacklist.conf: Add 4ef0c5c6b5ba kernel/sched: Fix sched_fork() access an invalid sched_task_group - commit 5d65c2b - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1190317). - commit 8982556 - netfilter: ebtables: convert BUG_ONs to WARN_ONs (git-fixes). - commit 5f3d85f - netfilter: ipt_CLUSTERIP: put config instead of freeing it (git-fixes). - commit 87f8afc - netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount (git-fixes). - commit e675512 - net/tcp/illinois: replace broken algorithm reference link (git-fixes). - commit 1264c76 - sit: fix IFLA_MTU ignored on NEWLINK (git-fixes). - commit 05e5b1a - ip6_tunnel: fix IFLA_MTU ignored on NEWLINK (git-fixes). - commit 678863c - RDS: IB: Fix null pointer issue (git-fixes). - commit 85f4095 - l2tp: remove l2specific_len dependency in l2tp_core (git-fixes). - Refresh patches.suse/l2tp-fix-reading-optional-fields-of-L2TPv3.patch. - commit 80db1e0 - l2tp: remove configurable payload offset (git-fixes). - Refresh patches.suse/l2tp-reject-creation-of-non-PPP-sessions-on-L2TPv2-t.patch. - commit e4e115d - rds; Reset rs-&gt;rs_bound_addr in rds_add_bound() failure path (git-fixes). - commit 2b478a1 - net: xfrm: allow clearing socket xfrm policies (git-fixes). - commit cb50bb2 - sctp: avoid flushing unsent queue when doing asoc reset (git-fixes). - commit 271642c - blacklist: add nvme fabrics git-fixes The whole nvme fabrics part is missing fundamental changes which will not be backported. Don't bother to port git-fixes for this part. - commit f524f37 - blacklist.conf: update blacklist - commit ec49bac - blacklist.conf: add net/caif - commit 7907ff7 - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs (git-fixes). - nvme: free sq/cq dbbuf pointers when dbbuf set fails (git-fixes). - nvme: refine the Qemu Identify CNS quirk (git-fixes). - nvme: Fix u32 overflow in the number of namespace list calculation (git-fixes). - nvme: remove the ifdef around nvme_nvm_ioctl (git-fixes). - nvme-pci: unquiesce admin queue on shutdown (git-fixes). - nvme-pci: use the same attributes when freeing host_mem_desc_bufs (git-fixes). - commit f8a43a3 - Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - scsi: storvsc: Parameterize number hardware queues (bsc#1211622). - commit f58838c - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Declare SCSI host template const (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - commit 875f923 - kcm: Check if sk_user_data already set in kcm_attach (git-fixes). - Refresh patches.suse/kcm-lock-lower-socket-in-kcm_attach.patch. - commit 796ddfc - ip6_tunnel: allow ip6gre dev mtu to be set below 1280 (git-fixes). - Refresh patches.suse/ip6_tunnel-remove-magic-mtu-value-0xFFF8.patch. - commit 9359f96 - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (git-fixes). - commit a397dd8 - sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege (git-fixes). - Refresh patches.suse/sctp-implement-memory-accounting-on-rx-path.patch. - commit dfdadd9 - fix kcm_clone() (git-fixes). - Refresh patches.suse/kcm-Fix-use-after-free-caused-by-clonned-sockets.patch. - commit ff3266d - blacklist.conf: update blacklist - commit 6559dbc - usrmerge: Compatibility with earlier rpm (boo#1211796) - commit 2191d32 - Fix usrmerge error (boo#1211796) - commit da84579 - s390/uaccess: add missing earlyclobber annotations to __clear_user() (LTC#202116 bsc#1209857 git-fixes). - commit 466ebf1 - media: radio-shark: Add endpoint checks (git-fixes). - commit 645a65c - USB: sisusbvga: Add endpoint checks (git-fixes). - commit 0086804 - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - commit 9b3a4b6 - mac80211: drop multicast fragments (git-fixes). - Refresh patches.kabi/cfg80211-kabi-workaround.patch. - Refresh patches.suse/mac80211-add-fragment-cache-to-sta_info.patch. - commit dcf3ad7 - mac80211: choose first enabled channel for monitor (git-fixes). - commit 9005ef1 - mac80211: pause TX while changing interface type (git-fixes). - commit 2e9a9ca - IB/mlx5: Fix initializing CQ fragments buffer (git-fixes) - commit ab52722 - RDMA/core: Don't access cm_id after its destruction (git-fixes) - commit 3e6a35e - mac80211: fix fast-rx encryption check (git-fixes). - commit 6dc3740 - blacklist.conf: breaks kABI in a pretty unfixable way - commit f0b7d32 - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - commit 4ec5513 - RDMA/bnxt_re: Restrict the max_gids to 256 (git-fixes) - commit 45f80d9 - RDMA/hns: Bugfix for querying qkey (git-fixes) - commit 916464c - RDMA/mlx5: Block delay drop to unprivileged users (git-fixes) - commit b67e136 - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - commit aef401f - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - commit 410f136 - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (git-fixes) - commit 08b691c - IB/hfi1: Assign npages earlier (git-fixes) - commit 94a7a3d - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - commit 21e4838 - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - commit 69d046f - RDMA/cma: Fix rdma_resolve_route() memory leak (git-fixes) - commit ebc12ea - RDMA/cxgb4: Fix missing error code in create_qp() (git-fixes) - commit 16a901d - RDMA/rxe: Fix error type of mmap_offset (git-fixes) - commit 78c6be8 - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' (git-fixes) - commit a8ed0c1 - RDMA/i40iw: Fix potential use after free (git-fixes) - commit 078387e - IB/iser: bound protection_sg size by data_sg size (git-fixes) - commit c6057ed - IB/mlx4: Fix memory leaks (git-fixes) - commit 93dc3d9 - ipoib: correcly show a VF hardware address (git-fixes) - commit b86fe95 - IB/mlx4: Increase the timeout for CM cache (git-fixes) - commit bd695fb - IB/usnic: Fix potential deadlock (git-fixes) - commit 7517110 - RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer (git-fixes) - commit ce8a13e - mlx4: Use snprintf instead of complicated strcpy (git-fixes) - commit 8357ea9 - rxe: IB_WR_REG_MR does not capture MR's iova field (git-fixes) - commit 737703b - RDMA/cma: Do not change route.addr.src_addr.ss_family (git-fixes) - commit 0f21ca2 - Update References patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch (bsc#1198400 bsc#1209779 CVE-2023-1637). - commit 8e47860 - smb3: fix problem remounting a share after shutdown (bsc#1190317). - commit faae71e - seccomp: Set PF_SUPERPRIV when checking capability (git-fixes bsc#1211816). - commit f8e3006 - dm ioctl: fix nested locking in table_clear() to remove deadlock concern (bsc#1210806, CVE-2023-2269). - commit e962c83 - tcp: Fix data races around icsk-&gt;icsk_af_ops (bsc#1204405 CVE-2022-3566). - commit 75b4182 - blacklist.conf: Add 9fc9e278a5c0 panic: Introduce warn_limit - commit 43ad239 - blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() - commit 28b437a - Remove usrmerge compatibility symlink in buildroot (boo#1211796) Besides Makefile depmod.sh needs to be patched to prefix /lib/modules. Requires corresponding patch to kmod. - commit b8e00c5 - ceph: force updating the msg pointer in non-split case (bsc#1211801). - commit ebc5c5b - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1190317). - commit 9b4a498 - CIFS: Spelling s/EACCESS/EACCES/ (bsc#1190317). - Refresh patches.suse/cifs-remove-various-function-description-warnings.patch. - commit 154e2e3 - smb3: fix temporary data corruption in collapse range (bsc#1190317). - commit 48c460b - smb3: fix temporary data corruption in insert range (bsc#1190317). - commit 6225020 - blacklist.conf: Append 'Revert &quot;fbcon: don't lose the console font across generic-&gt;chip driver switch&quot;' - commit 0b0664b - fbcon: Check font dimension limits (bsc#1154048) Changes: * rename drivers/video/fbdev/core to drivers/video/console - commit 2e6300a - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (bsc#1154048) - commit 7a7fe7f - backlight: lm3630a: Fix return code of .update_status() callback (bsc#1129770) - commit 65a9461 - blacklist.conf: Append 'fbdev: udlfb: Fix endpoint check' - commit c71f23c - blacklist.conf: Append 'fbdev: arcfb: Fix error handling in arcfb_probe()' - commit 3b8befa - blacklist.conf: Append 'fbdev: au1200fb: Fix potential divide by zero' - commit 99bcf68 - blacklist.conf: Append 'fbdev: lxfb: Fix potential divide by zero' - commit 29ac883 - blacklist.conf: Append 'fbdev: intelfb: Fix potential divide by zero' - commit c54aef0 - blacklist.conf: Append 'fbdev: nvidia: Fix potential divide by zero' - commit 0180fb8 - blacklist.conf: Append 'fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks' - commit 7424f1a - blacklist.conf: Append 'fbdev: tgafb: Fix potential divide by zero' - commit 3dfd2f8 - blacklist.conf: Append 'fbdev: omapfb: cleanup inconsistent indentation' - commit e6f26fa - blacklist.conf: Append 'fbdev: vermilion: decrease reference count in error path' - commit bfe058e - blacklist.conf: Append 'fbdev: via: Fix error in via_core_init()' - commit 47cb95a - blacklist.conf: Append 'fbdev: pm2fb: fix missing pci_disable_device()' - commit 5d257c9 - blacklist.conf: Append 'fbdev: ssd1307fb: Drop optional dependency' - commit 6cbf42c - blacklist.conf: Append 'fbdev: cyber2000fb: fix missing pci_disable_device()' - commit 06f0770 - blacklist.conf: Append 'fbdev: smscufx: Fix several use-after-free bugs' - commit 62a32ff - blacklist.conf: Append 'parisc: fbdev/stifb: Align graphics memory size to 4MB' - commit 22da2c5 - blacklist.conf: Append 'fbdev: smscufx: Fix use-after-free in ufx_ops_open()' - commit 02b683d - blacklist.conf: Append 'fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()' - commit 489652a - blacklist.conf: Append 'video: fbdev: i740fb: Check the argument of i740_calc_vclk()' - commit c7b03dd - blacklist.conf: Append 'video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write' - commit ccb235b - blacklist.conf: Append 'video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()' - commit 9dffdbd - blacklist.conf: Append 'video: fbdev: sm712fb: Fix crash in smtcfb_write()' - commit d1847f5 - blacklist.conf: Append 'video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()' - commit ac6af46 - blacklist.conf: Append 'video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()' - commit 5a2e2fe - blacklist.conf: Append 'video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit' - commit 9966c33 - blacklist.conf: Append 'video: fbdev: cirrusfb: check pixclock to avoid divide by zero' - commit 9b4a739 - blacklist.conf: Append 'video: fbdev: w100fb: Reset global state' - commit 8c331fe - blacklist.conf: Append 'video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow' - commit e521feb - blacklist.conf: Append 'video: fbdev: riva: Error out if 'pixclock' equals zero' - commit cd1778b - blacklist.conf: Append 'video: fbdev: kyro: Error out if 'pixclock' equals zero' - commit e680120 - blacklist.conf: Append 'video: fbdev: asiliantfb: Error out if 'pixclock' equals zero' - commit 4eef362 - blacklist.conf: Append 'video: fbdev: kyro: fix a DoS bug by restricting user input' - commit 4dfa6f9 - cifs: fix confusing debug message (bsc#1190317). - commit 5e1a930 - cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#1190317). - Refresh patches.suse/cifs-Fix-uninitialized-memory-reads-for-oparms-mode.patch. - commit 853e32c - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1190317). - commit 4ae057c - cifs: sanitize paths in cifs_update_super_prepath (bsc#1190317). - commit 17664dd - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1190317). - commit 2a739a8 - HID: asus: use spinlock to safely schedule workers (bsc#1208604 CVE-2023-1079). - commit 95bf045 - HID: asus: use spinlock to protect concurrent accesses (bsc#1208604 CVE-2023-1079). - commit d755874 - blacklist.conf: changes behavior in user space - commit 8e76d7a - blacklist.conf: breaks existing user space - commit 8a0f9f8 - git_sort: tests: add repositories with autorefresh Without autorefresh containers are not rebuildable when cached - commit 1dc067a - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - commit 45c60e8 - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - commit cd1c312 - KVM: x86: emulator: em_sysexit should update ctxt-&gt;mode (git-fixes). - commit e33b7a7 - KVM: x86: fix incorrect comparison in trace event (git-fixes). - commit e7c7c64 - x86/kvm: Don't call kvm_spurious_fault() from .fixup (git-fixes). - commit 2994486 - x86: kvm: avoid constant-conversion warning (git-fixes). - commit 785e3c9 - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (git-fixes). - commit 3a2f7bf - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - commit 7f66fa1 - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - commit 05b01b4 - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - commit c9aec28 - KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (git-fixes). - commit dea3e13 - KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (git-fixes). - commit e8ac19f - x86/kvm/vmx: fix old-style function declaration (git-fixes). - commit 60914fa - KVM: x86: fix empty-body warnings (git-fixes). - commit 1ff0909 - kvm: mmu: Don't read PDPTEs when paging is not enabled (git-fixes). - commit 0c9e6c3 - KVM: x86: Update the exit_qualification access bits while walking an address (git-fixes). - commit fb42639 - kernel-source: Remove unused macro variant_symbols - commit 915ac72 - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - commit b97c30d - Move upstreamed media fixes into sorted section - commit 488e428 - media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760). - media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758). - commit df5f28a - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762). - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803). - media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756). - media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760). - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (CVE-2023-31084 bsc#1210783). - media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758). - media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884 bsc#1205756). - media: dvbdev: Fix memleak in dvb_register_device (CVE-2022-45884 bsc#1205756). - media: media/dvb: Use kmemdup rather than duplicating its implementation (CVE-2022-45884 bsc#1205756). - commit f7cc9c8 - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436). - commit a507e94 - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194). - commit 3e58c3b - net/iucv: Fix size of interrupt data (bsc#1211466). - commit f3fc622 - blacklist.conf: update blacklist - commit 6d6d566 - net: emac: fix fixed-link setup for the RTL8363SB switch (git-fixes). - commit 9681063 - stmmac: fix valid numbers of unicast filter entries (git-fixes). - commit ef24a07 - net: qca_spi: Fix log level if probe fails (git-fixes). - commit 3f5bdc7 - net: davinci_emac: match the mdio device against its compatible if possible (git-fixes). - commit bd607b2 - net: dsa: qca8k: Add support for QCA8334 switch (git-fixes). - commit 7151502 - net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value (git-fixes). - commit faf163d - blacklist.conf: update blacklist - commit ee5c63d - blacklist.conf: update blacklist - commit cb25c3b - net: dsa: b53: Add BCM5389 support (git-fixes). - commit 97f949b - net: mvneta: fix enable of all initialized RXQs (git-fixes). - commit c3670b0 - net: dsa: mt7530: fix module autoloading for OF platform drivers (git-fixes). - commit 5aa0e3c - sunvnet: does not support GSO for sctp (git-fixes). - commit 2c2cd3a - net: qcom/emac: Use proper free methods during TX (git-fixes). - commit 9e71f84 - net: Extra '_get' in declaration of arch_get_platform_mac_address (git-fixes). - commit a07f7ac - net: arc_emac: fix arc_emac_rx() error paths (git-fixes). - commit 055ed24 - net: mediatek: setup proper state for disabled GMAC on the default (git-fixes). - commit d4884c0 - blacklist.conf: update blacklist - commit 3d40ef3 - bugzilla-create: take bugzilla email from BUGZILLA_ACCOUNT_EMAIL env var Some people have emails in bugzilla that are completely different than emails they use in git and providing one with -e option is tedious. Make bugzilla-create more flexible by providing the third options that sits between command line option and git-config automation. - commit 3ebbd64 - sctp: fix erroneous inc of snmp SctpFragUsrMsgs (git-fixes). - commit 1e6b878 - net: propagate dev_get_valid_name return code (git-fixes). - commit 6c7e15c - blacklist.conf: update blacklist - commit 0b29eb6 - scripts: Update bugzilla-create self-docs For new REST API. - commit 375eae1 - bugzilla-create: always end email with @suse.com - commit 795cb91 - s390/kasan: fix early pgm check handler execution (git-fixes bsc#1211360). - s390: ctcm: fix ctcm_new_device error return code (git-fixes bsc#1211361). - s390/pci: fix sleeping in atomic during hotplug (git-fixes bsc#1211364). - s390/sysinfo: add missing #ifdef CONFIG_PROC_FS (git-fixes bsc#1211366). - s390/extmem: fix gcc 8 stringop-overflow warning (git-fixes bsc#1211363). - s390/scm_blk: correct numa_node in scm_blk_dev_setup (git-fixes bsc#1211365). - s390/dasd: correct numa_node in dasd_alloc_queue (git-fixes bsc#1211362). - commit eaf6fde - netrom: Fix use-after-free caused by accept on already connected socket (bsc#1211186 CVE-2023-32269). - commit 5091773 - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 6a60b30 - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - commit dc522b8 - xen/netback: use same error messages for same errors (git-fixes). - commit 4db5f86 - xen/netback: don't do grant copy across page boundary (git-fixes). - commit 1db009c - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add note about required followups for the upstream version. - commit 22f581b - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Don't try to copy PPR for task with NULL pt_regs (bsc#1065729). - powerpc: Squash lines for simple wrapper functions (bsc#1065729). - commit 5b5254d - blacklist.conf: workqueue: Cosmetic change. Not worth backporting (bsc#1211275) - commit 75d9c4f - ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT (git-fixes). - commit 45358c3 - sctp: make use of pre-calculated len (git-fixes). - commit 917a7de - ipv6: icmp6: Allow icmp messages to be looped back (git-fixes). - commit b8c6b46 - ipv4: ipv4_default_advmss() should use route mtu (git-fixes). - commit b90f190 - net: ipv6: send NS for DAD when link operationally up (git-fixes). - commit 068ddeb - blacklist.conf: update blacklist - commit a62f4ec - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - commit 9009e7b - workqueue: Warn when a rescuer could not be created (bsc#1211044). - commit 729d6a5 - blacklist.conf: udapte blacklist - commit 6f9c349 - blacklist.conf: update blacklist - commit b77ff03 - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - commit 19f4343 - workqueue: Warn when a new worker could not be created (bsc#1211044). - commit 6849328 - workqueue: Fix hung time report of worker pools (bsc#1211044). - commit 6603859 - blacklist.conf: dependencies cannot be met - commit 719ca49 - wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan (git-fixes). - commit 087dd65 - wcn36xx: Ensure finish scan is not requested before start scan (git-fixes). - commit caae985 - blacklist.conf: add one pci git-fixes - commit 855c141 - wcn36xx: Specify ieee80211_rx_status.nss (git-fixes). - commit 012d160 - wcn36xx: Fix warning due to bad rate_idx (git-fixes). - commit a518de1 - wcn36xx: Disable bmps when encryption is disabled (git-fixes). - commit ebc2371 - wcn36xx: Fix software-driven scan (git-fix). - Refresh patches.suse/wcn36xx-Channel-list-update-before-hardware-scan.patch. - Refresh patches.suse/wcn36xx-Move-hal_buf-allocation-to-devm_kmalloc-in-p.patch. - commit 15a8b93 - wcn36xx: Use sequence number allocated by mac80211 (git-fixes). - commit bb661ed - wcn36xx: Fix TX data path (git-fixes). - commit b77eb82 - wcn36xx: Increase number of TX retries (git-fixes). - commit 97a8d22 - wcn36xx: Fix multiple AMPDU sessions support (git-fixes). - commit 63b0807 - wcn36xx: Add ieee80211 rx status rate information (git-fixes). - commit 4b6a254 - wcn36xx: fix spelling mistake &quot;to&quot; -&gt; &quot;too&quot; (git-fixes). - commit 7e6ee67 - wcn36xx: disable HW_CONNECTION_MONITOR (git-fixes). - commit 4d8f867 - wcn36xx: fix typo (git-fixes). - commit b5b95ed - wcn36xx: remove unecessary return (git-fixes). - commit 0eb75a5 - wcn36xx: use dma_zalloc_coherent instead of allocator/memset (git-fixes). - commit bbbad4b - wcn36xx: Use kmemdup instead of duplicating it in wcn36xx_smd_process_ptt_msg_rsp (git-fixes). - commit aa805c7 - wcn36xx: Channel list update before hardware scan (git-fixes). - commit fcf8c32 - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - commit 39c25cd - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - commit 9de04e1 - adm8211: fix error return code in adm8211_probe() (git-fixes). - commit 8910841 - Documentation: Document sysfs interfaces purr, spurr, idle_purr, idle_spurr (PED-3947 bsc#1210544 ltc#202303). - powerpc/sysfs: Show idle_purr and idle_spurr for every CPU (PED-3947 bsc#1210544 ltc#202303). - powerpc/pseries: Account for SPURR ticks on idle CPUs (PED-3947 bsc#1210544 ltc#202303). - powerpc/idle: Store PURR snapshot in a per-cpu global variable (PED-3947 bsc#1210544 ltc#202303). - powerpc: Move idle_loop_prolog()/epilog() functions to header file (PED-3947 bsc#1210544 ltc#202303). - cpuidle/powernv: avoid double irq enable coming out of idle (PED-3947 bsc#1210544 ltc#202303). - cpuidle: powerpc: no memory barrier after break from idle (PED-3947 bsc#1210544 ltc#202303). - cpuidle: powerpc: read mostly for common globals (PED-3947 bsc#1210544 ltc#202303). - Refresh patches.suse/cpuidle-powernv-Fix-promotion-from-snooze-if-next-st.patch - cpuidle: powerpc: cpuidle set polling before enabling irqs (PED-3947 bsc#1210544 ltc#202303). - Refresh patches.suse/cpuidle-powernv-Fix-promotion-from-snooze-if-next-st.patch - commit 964f26b - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - commit 1c1a4cd - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - commit ad8060e - fotg210-udc: Add missing completion handler (git-fixes). - commit 3c809e3 - blacklist.conf: kABI - commit dcd54c2 - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - commit 9ea489a - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - commit bc58d39 - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - commit 96326a4 - platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer (git-fixes). - commit 52b26a2 - platform/x86: alienware-wmi: fix format string overflow warning (git-fixes). - commit 9e6baf6 - platform/x86: alienware-wmi: constify attribute_group structures (git-fixes). - commit 804cedf - platform/x86: alienware-wmi: Adjust instance of wmi_evaluate_method calls to 0 (git-fixes). - commit 17d45d2 - platform/x86: dell-laptop: fix rfkill functionality. - commit 04ebc44 - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 07a41fa - Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore - commit c963185 - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - commit c9b5bc4 - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - commit 40e694d - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105 CVE-2023-2513). - commit a52726d - git_sort: tests: Fix run_all.sh logic - commit e9649f1 - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - commit d6c8c20 - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (bsc#1211037 CVE-2023-2483). - commit 6c7d167 - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - commit 8371d59 - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - commit 3c78b91 - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - commit 07dd465 - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1190317). - Refresh patches.suse/cifs-handle-cache-lookup-errors-different-than-ENOENT.patch. - Refresh patches.suse/cifs-split-out-ses-and-tcon-retrieval-from-mount_get_conns-.patch. - commit f050536 - PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Call Max Payload Size-related fixup quirks early (git-fixes). - commit 4ba05a4 - ipmi: fix SSIF not responding under certain cond (git-fixes). - commit fd75dd9 - blacklist.conf: add one char git-fixes - commit e967264 - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - commit e7e4a01 - xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124). - commit d228bcf - kcm: Only allow TCP sockets to be attached to a KCM mux (git-fixes). - Refresh patches.suse/kcm-lock-lower-socket-in-kcm_attach.patch. - commit 1c38f1b - xhci: hide include of iommu.h (git-fixes). - commit d4a90d2 - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - commit 25aa1f6 - struct ci_hdrc: hide new member at end (git-fixes). - commit 10801c8 - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - commit b7e0f07 - x86/irq: Ensure PI wakeup handler is unregistered before module unload (git-fixes). - commit 1ba0504 - x86/fpu: Prevent FPU state corruption (git-fixes). - commit 7902778 - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - commit 7747d1d - x86/tools/relocs: Fix non-POSIX regexp (git-fixes). - commit bf7956d - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - commit b2c2637 - x86/boot: Avoid using Intel mnemonics in AT&amp;T syntax asm (git-fixes). - commit 01320b7 - x86/virt: Mark flags and memory as clobbered by VMXOFF (git-fixes). - commit 128b31b - x86/virt: Eat faults on VMXOFF in reboot flows (git-fixes). - commit d5a2713 - x86/tools: Fix objdump version check again (git-fixes). - commit 2fac6b7 - x86/kprobes: Restore BTF if the single-stepping is cancelled (git-fixes). - commit 675ef6d - x86/kprobes: Fix to check non boostable prefixes correctly (git-fixes). - commit 7707216 - blacklist.conf: Add a patch for kconfig option we don't have - commit 133510f - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - commit 08350f2 - blacklist.conf: add nvme git-fixes - commit 763e434 - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING (git-fixes). - commit 289f082 - x86/bugs: Add Cannon lake to RETBleed affected CPU list (git-fixes). - commit 765cf23 - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - commit fd3a7e5 - keys: Hoist locking out of __key_link_begin() (bsc#1207088). - commit 9d4b000 - keys: Change keyring_serialise_link_sem to a mutex (bsc#1207088). - commit d0f80a2 - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - commit 9283be1 - kabi/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - commit c973bd8 - blacklist.conf: add nvme git-fixes The nvme fabric part is not really supported in sle12 and touching this code with proper a lot of testing has a high change of regressions. The nvme core bits are also very dangerous to update without introducing regression because sle12 is still using mixed single queue and multiqueue block layers infrastructures. All this fixes are addressing issues reported against multiqueue only setups - commit 039b5e1 - blacklist.conf: irrelevant in all our configs - commit 21e8e20 - blacklist.conf: irrelevant in all our configs - commit 5d97024 - blacklist.conf: irrelevant in all our configs - commit ed95b61 - blacklist.conf: cleanup - commit 2328a0e - blacklist.conf: kABI - commit 5ede269 - blacklist.conf: irrelevant with the compiler options of SLE12 - commit 09fdb2d - blacklist.conf: architecture not supported in SLE12 - commit 0f802d0 - blacklist.conf: alters behavior in a way that could cause regression - commit 9198a95 - blacklist.conf: cosmetic - commit 8c47024 - audit: improve audit queue handling when &quot;audit=1&quot; on cmdline (bsc#1209969). - commit 05326be - MyBS: exclude openSUSE:Factory i586 It's present, but not built. People are supposed to add: OBS_PROJECT_LEGACYX86=openSUSE:Factory:LegacyX86 to rpm/config.sh now. - commit 9c22fe0 - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871 CVE-2023-1670). - commit cab17d2 - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme: retain split access workaround for capability reads (git-fixes). - commit 664dfaa - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - commit c9ac567 - xfrm: policy: use hlist rcu variants on insert (git-fixes). - commit 8f58d09 - blacklist.conf: update blacklist - commit 94895b2 - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1209999 ltc#202140 bsc#1190544 ltc#194520 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - powerpc/numa: Detect support for coregroup (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - powerpc/numa: Restrict possible nodes based on platform (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - powerpc/numa: Limit possible nodes to within num_possible_nodes (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes). - commit 2690e67 - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). - commit b20510e - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1210647 CVE-2023-2162). - commit eba27cd - drivers: net: lmc: fix case value for target abort error (git-fixes). - commit 9328eea - net: axienet: Fix double deregister of mdio (git-fixes). - commit ceccbaf - net: prevent ISA drivers from building on PPC32 (git-fixes). - commit 1665091 - blacklist.conf: update blacklist - commit c7d12aa - RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176) - commit 39d6889 - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (bsc#1210629 CVE-2023-2176) - commit e746751 - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1210629 CVE-2023-2176) - commit 8101e86 - RDMA/cma: Make the locking for automatic state transition more clear (bsc#1210629 CVE-2023-2176) - commit b3ddeab - blacklist.conf: add !CONFIG_SYSFS entry - commit ea663e2 - l2tp: reject creation of non-PPP sessions on L2TPv2 tunnels (git-fixes). - commit a6de55d - l2tp: clean up stale tunnel or session in pppol2tp_connect's error path (git-fixes). - commit ac0c4ce - l2tp: fix pseudo-wire type for sessions created by pppol2tp_connect() (git-fixes). - commit 3cea0f6 - netfilter: nft_set_rbtree: fix parameter of __nft_rbtree_lookup() (git-fixes). - commit d139e7b - netfilter: x_tables: Add note about how to free percpu counters (git-fixes). - commit 370ae8e - net: core: dst: Add kernel-doc for 'net' parameter (git-fixes). - commit f4bb4ad - net: core: dst_cache_set_ip6: Rename 'addr' parameter to 'saddr' for consistency (git-fixes). - commit d4c9c59 - x86/boot/compressed: Disable relocation relaxation (git-fixes). - Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch. - kretprobe: Prevent triggering kretprobe from within kprobe_flush_task (git-fixes). - x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline (git-fixes). - x86_64: Fix jiffies ODR violation (git-fixes). - x86/mm: Stop printing BRK addresses (git-fixes). - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B (git-fixes). - x86: Don't let pgprot_modify() change the page encryption bit (git-fixes). - x86/pkeys: Add check for pkey &quot;overflow&quot; (git-fixes). - commit e67532f - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - commit d040be6 - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - commit 31ce59d - usb: storage: Add check for kcalloc (git-fixes). - commit 610895c - usb: typec: Check for ops-&gt;exit instead of ops-&gt;enter in altmode_exit (git-fixes). - commit b4c0f7a - blacklist.conf: add some x86 git-fixes - commit decff2c - blacklist.conf: cleanup - commit b4c83c2 - usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes). - commit 7500ab7 - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - commit b6a1dea - x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998). - commit 82dbdfe - cifs: fix negotiate context parsing (bsc#1210301). - commit e970e4b - blacklist.conf: not needed; added also the commit introducing the regression on the blacklist to stay on the safe side - commit 39430c3 - blacklist.conf: not worth the risk - commit 581559c - blacklist.conf: printk: cosmetic problem; wrong value shown in log - commit 68309f1 - printk: Give error on attempt to set log buffer length to over 2G (bsc#1210534). - commit 416f599 - tuntap: fix dividing by zero in ebpf queue selection (git-fixes). - commit c7fc31c - net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b (git-fixes). - commit 8197f03 - blacklist.conf: update blacklist - commit 1eb047f - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - commit e2a6440 - iwlwifi: pcie: gen2: fix locking when &quot;HW not ready&quot; (git-fixes). - commit a192018 - iwlwifi: pcie: fix locking when &quot;HW not ready&quot; (git-fixes). - commit 34a2104 - blacklist.conf: upstream error - commit 82a830a - iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). - commit e6380b0 - blacklist.conf: cleanup for specific compiler - commit 0396363 - iwlwifi: fw: make pos static in iwl_sar_get_ewrd_table() loop (git-fixes). - commit c845c94 - blacklist.conf: feature and optimization, not a fix - commit 9a8bf0b - blacklist.conf: kABI - commit 7b6dc5b - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - commit a5c8a19 - ath10k: fix division by zero in send path (git-fixes). - commit 995d86c - ath10k: fix control-message timeout (git-fixes). - commit 49a6469 - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - commit 40313d2 - ath10k: Fix error handling in case of CE pipe init failure (git-fixes). - commit 29f18be - struct wmi_svc_avail_ev_arg: new member to end (git-fixes). - commit ace4238 - ath10k: Fix the parsing error in service available event (git-fixes). - commit 83c5772 - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (CVE-2023-30772 bsc#1210329). - commit a67542a - k-m-s: Drop Linux 2.6 support - commit 22b2304 - Remove obsolete KMP obsoletes (bsc#1210469). - commit 7f325c6 - git_sort: tests: Use correct SLE15 base container - commit 698573d - wq: handle VM suspension in stall detection (bsc#1210466). - commit b6661b9 - git_sort: tests: Move docker files into one directory Also accept build parameters like -q or --no-cache in run_all.sh - commit 5b075af - blacklist.conf: workqueue: Non-trivial reasoning why the change is correct. Fixing a corner case. - commit 5637e05 - workqueue: Fix missing kfree(rescuer) in destroy_workqueue() (bsc#1210460). - commit 3c2ae43 - workqueue: Fix spurious sanity check failures in destroy_workqueue() (bsc#1210460). - blacklist.conf: Remove the commit from the blacklist. - commit dcf3af1 - x86/vmware: Add a header file for hypercall definitions (bsc#1210327). - commit 35b980d - x86/vmware: Update platform detection code for VMCALL/VMMCALL hypercalls (bsc#1210327). - commit 99ca820 - cachefiles: Drop superfluous readpages aops NULL check (bsc#1210430). - cachefiles: Handle readpage error correctly (bsc#1210430). - cachefiles: Fix race between read_waiter and read_copier involving op-&gt;to_do (bsc#1210430). - fscache, cachefiles: remove redundant variable 'cache' (bsc#1210430). - cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (bsc#1210430). - commit 08d094b - blacklist.conf: cachefiles fix not applicable to 12SP5 - commit 76c59ea - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (CVE-2023-1855 bsc#1210202). - commit 8e7b0ea - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989 bsc#1210336). - commit 636a7de - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 6ec02e1 - intel_pmc_ipc: restore ability to call functions with irq enabled (git-fixes). - commit 8b76237 - Refresh patches.suse/platform-x86-intel_pmc_ipc-Use-spin_lock-to-protect-.patch. Added additional commit ID - commit 32b5de9 - platform/x86: intel_pmc_ipc: Use spin_lock to protect GCR updates (git-fixes). - commit 6fd8245 - platform/x86: intel_pmc_ipc: Use devm_* calls in driver probe function (git-fixes). - commit 66a8daf - blacklist.conf: irrelevant in our configs - commit 77369a1 - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes). - commit 1101ba6 - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - commit cc9a7d7 - Refresh patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Telit.patch. Added additional ID - commit ec0740e - blacklist.conf: Add 6a2cbc58d6c9 seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - commit 3b72881 - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - commit e2fbf46 - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - commit f004188 - blacklist.conf: not a fix - commit 579db14 - blacklist.conf: hardware this is relevant for not supported in SLE12 - commit 9c1574c - usb: host: ohci-pxa27x: Fix and &amp; vs | typo (git-fixes). - commit 8a04e90 - blacklist.conf: update blacklist - commit 960fe5e - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (git-fixes). - Refresh patches.suse/sctp-implement-memory-accounting-on-tx-path.patch. - commit ec9bf28 - sctp: use the right sk after waking up from wait_buf sleep (git-fixes). - Refresh patches.suse/sctp-implement-memory-accounting-on-tx-path.patch. - commit 09b20fd - sctp: do not free asoc when it is already dead in sctp_sendmsg (git-fixes). - Refresh patches.suse/sctp-implement-memory-accounting-on-tx-path.patch. - commit 064e118 - net/ncsi: Don't return error on normal response (git-fixes). - commit 0448b7b - blacklist.conf: update blacklist - commit dd82a70 - scripts/tar-up.sh: Exclude directories and files left over from conflict resolution when copyting rpm/ Directories are not used by obs, there is no point copying them. Files resulting from conflict resolution needlessly add noise, they should not be included in the package. - commit 079558f - run_oldconfig.sh: Set VANILLA_ONLY with vanilla source variant. VANILLA_ONLY is no longer set in config.sh, instead variant is set ot vanilla. Make run_oldconfig.sh reflect that. - commit 0b52d46 - blacklist.conf: add an intrusive ftrace refinement - commit 1b629dd - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - commit f82808a - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - commit 68f2c8a - Update patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch (bsc#1205128 CVE-2022-43945 bsc#1210124). - Update patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-R.patch (bsc#1205128 CVE-2022-43945 bsc#1210124). - Update patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch (bsc#1205128 CVE-2022-43945 bsc#1210124). Fix a performance bug introduced by the backports bsc#1210124 - commit 98fde8e - btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687). - commit 5262625 - Define kernel-vanilla as source variant The vanilla_only macro is overloaded. It is used for determining if there should be two kernel sources built as well as for the purpose of determmioning if vanilla kernel should be used for kernel-obs-build. While the former can be determined at build time the latter needs to be baked into the spec file template. Separate the two while also making the latter more generic. $build_dtbs is enabled on every single rt and azure branch since 15.3 when the setting was introduced, gate on the new $obs_build_variant setting as well. - commit 36ba909 - timekeeping: Prevent 32bit truncation in (git-fixes) - commit b5eceb5 - ntp: Limit TAI-UTC offset (git-fixes) - commit cb87f16 - x86/decoder: Add TEST opcode to Group3-2 (git-fixes). - x86/sysfb: Fix check for bad VRAM size (git-fixes). - x86/mm: Use the correct function type for native_set_fixmap() (git-fixes). - x86/ioapic: Prevent inconsistent state when moving an interrupt (git-fixes). - x86/mce: Lower throttling MCE messages' priority to warning (git-fixes). - x86/apic: Soft disable APIC before initializing it (git-fixes). - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails (git-fixes). - uprobes/x86: Fix detection of 32-bit user mode (git-fixes). - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines (git-fixes). - x86/apic: Handle missing global clockevent gracefully (git-fixes bsc#1142926). - x86/lib/cpu: Address missing prototypes warning (git-fixes). - x86, boot: Remove multiple copy of static function sanitize_boot_params() (git-fixes). - commit 439b087 - blacklist.conf: add some x86 git-fixes - commit 048281c - netlink: limit recursion depth in policy validation (CVE-2020-36691 bsc#1209613). - commit 519d73a Package openssl-1_0_0 was updated: - Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch - Security fix: (bsc#1213853, CVE-2023-3817) * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Add openssl-1_0-CVE-2023-3817.patch - Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (&quot;p&quot; parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch - Security Fix: [bsc#1207534, CVE-2022-4304] * Reworked the Fix for the Timing Oracle in RSA Decryption The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case compared to 1.1.1s. * Reworked openssl-CVE-2022-4304.patch * Refreshed openssl-CVE-2023-0286.patch - Security Fix: [CVE-2023-2650, bsc#1211430] * Possible DoS translating ASN.1 object identifiers * Add openssl-CVE-2023-2650.patch - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch Package libzypp was updated: - Touch /run/reboot-needed if a patch suggesting a reboot was installed (bsc#1217948) It is expected that /run is cleaned at boot time, so the presence of the file is one way to indicate that the system needs a reboot. The recommended way for scripts to test whether a system reboot is suggested will be calling `zypper needs-rebooting`. - version 16.22.11 (0) - Ignore if the media to unmount is no longer mounted (bsc#1216064) - Close all media after having preloaded the cache. Mitigates the change that during package installation e.g. a nfs.service restart forcefully unmounts the media we access (bsc#1216064) - version 16.22.10 (0) - repo: Don't download unneeded sqlite metadata (fixes #476) - version 16.22.9 (0) - curl: Trim user agent and custom header strings (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. Violation results in curl error: 92: HTTP/2 PROTOCOL_ERROR. - version 16.22.8 (0) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) Maximum time in seconds that you allow the connection phase to the server to take. This only limits the connection phase, it has no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT) - version 16.22.7 (0) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF &quot;zypper install - - -PTF&quot; or a dedicated &quot;zypper removeptf PTF&quot; should be used. This will update the installed PTF packages to their latest version. - version 16.22.6 (0) Package wicked was updated: - ifconfig: fix arp notify loop (boo#1212806) and burst sending [+ 0001-fix_arp_notify_loop_and_burst_sending.patch] - update to version 0.6.73 - spec: cleanup artefacts and fix some rpmlint warnings - arp: allow verify/notify counter and interval configuration - arp: handle ENOBUFS sending errors (bsc#1203300) - extensions: improve environment variable handling - firmware: refactor firmware extension definition - firmware: enable, disable and revert cli commands - code cleanup: fix memory leaks, add array/list utils - wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - cleanup /var/run leftovers in extension scripts (bsc#1194557) - json: output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (boo#1206674) - update to version 0.6.72 - client: add `wicked firmware extensions|interfaces|enable|disable` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. - client: improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - nanny: fix use-after-free in debug mode (bsc#1206447) - spec: replace transitional `%usrmerged` macro with regular version check (boo#1206798) - client: improve to show `no-carrier` in ifstatus output - linux: cleanup inclusions and update uapi header to 6.0 - ethtool: link mode nwords cleanup and new advertise mode names - update to version 0.6.71 - dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) - schema: fix the ip rule to-selector to handle network prefixes - spec: Add /etc/sysconfig/network to file list, no longer in the default list of a cleaned up filesystem package on tumbleweed (https://github.com/openSUSE/wicked/pull/939). Package openslp was updated: - add separate source openslp.logrotate.systemd to use systemctl reload for logrotate configuration [bnc#1206153] new file: openslp.logrotate.systemd Package shadow was updated: - bsc#1214806 (CVE-2023-4641): Fix potential password leak - Add shadow-CVE-2023-4641.patch - bsc#1210507 (CVE-2023-29383): Check for control characters - Add shadow-CVE-2023-29383.patch Package vim was updated: - Updated to version 9.0 with patch level 2103, fixes the following security problems * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969. * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed() * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103 - Updated to version 9.0 with patch level 1894, fixes the following security problems * Fixing bsc#1214922 (CVE-2023-4738) - VUL-0: CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both * Fixing bsc#1214924 (CVE-2023-4735) - VUL-0: CVE-2023-4735: vim: OOB Write ops.c * Fixing bsc#1214925 (CVE-2023-4734) - VUL-0: CVE-2023-4734: vim: segmentation fault in function f_fullcommand * Fixing bsc#1215004 (CVE-2023-4733) - VUL-0: CVE-2023-4733: vim: use-after-free in function buflist_altfpos * Fixing bsc#1215006 (CVE-2023-4752) - VUL-0: CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp * Fixing bsc#1215033 (CVE-2023-4781) - VUL-0: CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both - drop patches: disable-unreliable-tests.patch ignore-flaky-test-failure.patch vim-8.1.0297-dump3.patch - droped %check - most of tests didn't work correctly in OBS and maitenace burden of this was getting too big - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1632...v9.0.1894 - Fixing bsc#1210738 - L3: gvim rendering corruption with all 9.x versions * Add: vim-8.2.3607-revert-gtk3-code-removal.patch * This reverts commit 9459b8d461d6f8345bfa3fb9b3b4297a7950b0bc - Fixing bsc#1211461 - L3: vim &quot;eats&quot; first character from prompt in xterm * Add: reorder-exit-raw-mode.patch * Swaps out_str_t_TE() and cursor_on() during exit to prevent missing characters in xterm prompt on exit. - Use app icon generated from vimlogo.eps in source tarball; add higher res icons of sizes 128, 256, and 512px as png sources. Our current icons deviate from upstream flatpaks for example. - Updated to version 9.0 with patch level 1632 - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1572...v9.0.1632 - Updated to version 9.0 with patch level 1572, fixes the following security problems * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531 * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532 * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392 * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402. * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown() - drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we remove during %prep anyway. And this breaks quilt setup. - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1386...v9.0.1572 Package pam was updated: - Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module. [bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch] - pam_unix: Add no_pass_expiry option to ignore password expiration [bsc#1215594 pam-unix-add-no_pass_expiry-option.patch] Package dmidecode was updated: 4 dependencies from upstream to be able to apply one more fix:- util-dont-leak-a-file-descriptor-in-read_file.patch: If memory allocation fails, we should close the file descriptor before returning the error. - util-let-callers-pass-an-offset-to-read_file.patch: Make the read_file() function more versatile. - dmidecode-fix-reading-from-smbios-3-dump-files.patch: Use the sysfs code path when reading from a dump file, as the requirements are similar. - util-dont-close-the-same-file-descriptor-twice.patch: Close file descriptor once and only once on error Fix a potential regression: - use-read_file-to-read-from-dump.patch: Fix an old harmless bug which would prevent root from using the --from-dump option since the latest security fixes (bsc#1210418). Security fixes (CVE-2023-30630) - dmidecode-split-table-fetching-from-decoding.patch: dmidecode: Clean up function dmi_table so that it does only one thing (bsc#1210418). - dmidecode-write-the-whole-dump-file-at-once.patch: When option - -dump-bin is used, write the whole dump file at once, instead of opening and closing the file separately for the table and then for the entry point (bsc#1210418). - dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch: Make sure that the file passed to option --dump-bin does not already exist (bsc#1210418). - ensure-dev-mem-is-a-character-device-file.patch: Add a safety check on the type of the mem device file we are asked to read from, if we are root (bsc#1210418). 4 dependencies from upstream to be able to apply the above fixes: - avoid-sigbus-on-mmap-failure.patch: Prevent a crash when reading non-existent portion of memory device file. - fix-error-paths-in-mem_chunk.patch: Prevent a memory and file descriptor leak. - dmidecode-add-support-for-3-digit-versions.patch: Support 3-digit SMBIOS specification version comparison. - dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Don't attempt to read from /dev/mem on non-x86 systems. 6 recommended fixes from upstream: - dmidecode-fortify-entry-point-length-checks.patch: Ensure that the SMBIOS entry point is long enough to include all the fields we need. - dmidecode-fix-the-alignment-of-type-25-name.patch: Drop a stray tabulation before the name of DMI record type 25. - dmidecode-print-type-33-name-unconditionally.patch: Display the name of DMI record type 33 even if we can't decode it. - dmidecode-validate-structure-completeness-before-decoding.patch: Ensure that the whole DMI structure fits in the announced table length before performing any action on it. - dmidecode-avoid-oob-read-on-invalid-entry-point-length.patch: Don't let the entry point checksum verification run beyond the end of the buffer holding it. - dmioem-decode-hpe-uefi-type-219-misc-features.patch: Check the correct bits to report UEFI support. Package bind was updated: - Security Fix: * Previously, sending a specially crafted message over the control channel could cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. This has been fixed. [bsc#1215472, CVE-2023-3341, bind-CVE-2023-3341.patch] - Security Fix: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. [bsc#1212544, CVE-2023-2828, bind-CVE-2023-2828.patch] Package python3-base was updated: - (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - (bsc#1214677, CVE-2022-48564) Add CVE-2022-48564-DoS-read_ints-plistlib.patch fixing gh#python/cpython#86269 (backport from 3.6), which prevents DoS when processing malformed Apple Property List files in binary format. - Skip test_plistlib.test_identity test on aarch64. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). - Add 99366-patch.dict-can-decorate-async.patch fixing gh#python/cpython#98086 (backport from Python 3.10 patch in gh#python/cpython!99366), fixing bsc#1211158. - Add stack_overflow_test_endless_recursion.patch to avoid failing test. - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706). CURRENTLY SWITCHED OFF, AS IT IS STILL WIP AND UNDEBUGGED - Use python3 modules to build the documentation. Package dbus-1 was updated: - Sometimes unprivileged users were able to crash dbus-daemon (CVE-2023-34969, bsc#1212126) * fix-upstream-CVE-2023-34969.patch Package openssl-1_1 was updated: - Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch - Security fix: (bsc#1213853, CVE-2023-3817) * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Add openssl-1_1-CVE-2023-3817.patch - Dont pass zero length input to EVP_Cipher because assembler optimized AES cannot handle zero size. [bsc#1213517] * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch - Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (&quot;p&quot; parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch - Security Fix: [bsc#1207534, CVE-2022-4304] * Reworked the Fix for the Timing Oracle in RSA Decryption The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case compared to 1.1.1s. * Add openssl-CVE-2022-4304.patch * Removed patches: - openssl-CVE-2022-4304-1of2.patch - openssl-CVE-2022-4304-2of2.patch * Refreshed openssl-CVE-2023-0286.patch - Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch - Security Fix: [CVE-2023-2650, bsc#1211430] * Possible DoS translating ASN.1 object identifiers * Add openssl-CVE-2023-2650.patch Package libdb-4_8 was updated: Package gpg2 was updated: - Security Fix: [bsc#1088255, CVE-2018-9234] * Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys. GnuPG &lt;= 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. * Add gnupg-CVE-2018-9234.patch Package dbus-1-x11 was updated: - Sometimes unprivileged users were able to crash dbus-daemon (CVE-2023-34969, bsc#1212126) * fix-upstream-CVE-2023-34969.patch Package cloud-netconfig was updated: - Update to version 1.8: + Fix Azure metadata check (bsc#1214715) + Fix cleanup on ifdown Package parted was updated: - fix dm sector size (bsc#1186371) - add: libparted-dm-sector-size.patch Package cups was updated: - cups-1.7.5-CVE-2023-4504.patch fixes CVE-2023-4504 &quot;CUPS PostScript Parsing Heap Overflow&quot; https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h bsc#1215204 - cups-1.7.5-CVE-2023-32360.patch fixes CVE-2023-32360 &quot;Information leak through Cups-Get-Document operation&quot; by requiring authentication for CUPS-Get-Document in cupsd.conf https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g bsc#1214254 - cups-1.7.5-additional_policies.patch is an updated version of cups-1.7-additional_policies.patch that replaces it to add the 'allowallforanybody' policy to cupsd.conf after cups-1.7.5-CVE-2023-32360.patch was applied - cups-1.7.5-CVE-2023-34241.patch fixes CVE-2023-34241 &quot;use-after-free in cupsdAcceptClient()&quot; https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 bsc#1212230 - cups-1.7.5-CVE-2023-32324.patch fixes CVE-2023-32324 &quot;Heap buffer overflow in cupsd&quot; https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 bsc#1211643 Package mozilla-nss was updated: - update to NSS 3.90.1 * bmo#1813401 - regenerate NameConstraints test certificates. * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection. - Remove nss-fix-bmo1813401.patch which is now upstream. - Add nss-fix-bmo1813401.patch to fix bsc#1214980 - update to NSS 3.90 * bmo#1623338 - ride along: remove a duplicated doc page * bmo#1623338 - remove a reference to IRC * bmo#1831983 - clang-format lib/freebl/stubs.c * bmo#1831983 - Add a constant time select function * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * bmo#1830973 - output early build errors by default * bmo#1804505 - Update the technical constraints for KamuSM * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates * bmo#1790763 - Enable default UBSan Checks * bmo#1786018 - Add explicit handling of zero length records * bmo#1829391 - Tidy up DTLS ACK Error Handling Path * bmo#1786018 - Refactor zero length record tests * bmo#1829112 - Fix compiler warning via correct assert * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * bmo#1784163 - Fix reading raw negative numbers * bmo#1748237 - Repairing unreachable code in clang built with gyp * bmo#1783647 - Integrate Vale Curve25519 * bmo#1799468 - Removing unused flags for Hacl* * bmo#1748237 - Adding a better error message * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * bmo#1782980 - Fall back to the softokn when writing certificate trust * bmo#1806010 - FIPS-104-3 requires we restart post programmatically * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf * bmo#1822076 - fix rst warnings in nss doc * bmo#1821997 - Fix incorrect pygment style * bmo#1821292 - Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Add nss-fix-bmo1836925.patch to fix build-errors - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) - update to NSS 3.89.1 * bmo#1804505 - Update the technical constraints for KamuSM. * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates. - update to NSS 3.89 * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase * bmo#1820175 - PR_STATIC_ASSERT is cursed * bmo#1767883 - Need to add policy control to keys lengths for signatures * bmo#1820175 - Fix unreachable code warning in fuzz builds * bmo#1820175 - Fix various compiler warnings in NSS * bmo#1820175 - Enable various compiler warnings for clang builds * bmo#1815136 - set PORT error after sftk_HMACCmp failure * bmo#1767883 - Need to add policy control to keys lengths for signatures * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt * bmo#1804660 - Make high tag number assertion failure an error * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello * bmo#1789436 - Fix build failure on Windows * bmo#1811337 - migrate Win 2012 tasks to Azure * bmo#1810702 - fix title length in doc * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite * bmo#1570615 - Add presence/absence tests for TLS GREASE * bmo#1804688 - Correct addition of GREASE value to ALPN xtn * bmo#1789436 - CH extension permutation * bmo#1570615 - TLS GREASE (RFC8701) * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types * bmo#1815870 - use a different treeherder symbol for each docker image build task * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images * bmo#1810702 - remove nested table in rst doc * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag * bmo#1812671 - build failure while implicitly casting SECStatus to PRUInt32 - update to NSS 3.88.1 * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types - update to NSS 3.88 * bmo#1815870 - use a different treeherder symbol for each docker image build task * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images * bmo#1810702 - remove nested table in rst doc * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. * bmo#1812671 - build failure while implicitly casting SECStatus to PRUInt32 * bmo#1212915 - Add check for ClientHello SID max length * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim * bmo#1790357 - ECH client - Discard resumption TLS &lt; 1.3 Session(IDs|Tickets) if ECH configs are setup * bmo#1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * bmo#1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * bmo#1771100 - Added Bogo ECH rejection test support * bmo#1771100 - Added ECH 0Rtt support to BoGo shim * bmo#1747957 - RSA OAEP Wycheproof JSON * bmo#1747957 - RSA decrypt Wycheproof JSON * bmo#1747957 - ECDSA Wycheproof JSON * bmo#1747957 - ECDH Wycheproof JSON * bmo#1747957 - PKCS#1v1.5 wycheproof json * bmo#1747957 - Use X25519 wycheproof json * bmo#1766767 - Move scripts to python3 * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz. * bmo#1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * bmo#1804091 - NSS needs to move off of DSA for integrity checks * bmo#1805815 - Add initial testing with ACVP vector sets using acvp-rust * bmo#1806369 - Don't clone libFuzzer, rely on clang instead - update to NSS 3.87 * bmo#1803226 - NULL password encoding incorrect * bmo#1804071 - Fix rng stub signature for fuzzing builds * bmo#1803595 - Updating the compiler parsing for build * bmo#1749030 - Modification of supported compilers * bmo#1774654 - tstclnt crashes when accessing gnutls server without a user cert in the database. * bmo#1751707 - Add configuration option to enable source-based coverage sanitizer * bmo#1751705 - Update ECCKiila generated files. * bmo#1730353 - Add support for the LoongArch 64-bit architecture * bmo#1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * bmo#1798823 - Additional zero-length RSA modulus checks - Remove nss-fix-bmo1774654.patch which is now upstream - update to NSS 3.86 * bmo#1803190 - conscious language removal in NSS * bmo#1794506 - Set nssckbi version number to 2.60 * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS * bmo#1797559 - Remove EC-ACC root cert from NSS * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS * bmo#1794495 - Remove Network Solutions Certificate Authority * bmo#1802331 - compress docker image artifact with zstd * bmo#1799315 - Migrate nss from AWS to GCP * bmo#1800989 - Enable static builds in the CI * bmo#1765759 - Removing SAW docker from the NSS build system * bmo#1783231 - Initialising variables in the rsa blinding code * bmo#320582 - Implementation of the double-signing of the message for ECDSA * bmo#1783231 - Adding exponent blinding for RSA. - update to NSS 3.85 * bmo#1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables * bmo#1796815 - Update zlib in NSS to 1.2.13 * bmo#1796504 - Skip building modutil and shlibsign when building in Firefox * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15 * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings * bmo#1796281 - Followup: add missing stdint.h include * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows * bmo#1796079 - Fix -Wstring-conversion warnings * bmo#1796075 - Fix -Wempty-body warnings * bmo#1795242 - Fix unused-but-set-parameter warning * bmo#1795241 - Fix unreachable-code warnings * bmo#1795222 - Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. - update to NSS 3.84 * bmo#1791699 - Bump minimum NSPR version to 4.35 * bmo#1792103 - Add a flag to disable building libnssckbi. - update to NSS 3.83 * bmo#1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * bmo#1563221 - remove older oses that are unused part3/ BeOS * bmo#1563221 - remove older unix support in NSS part 3 Irix * bmo#1563221 - remove support for older unix in NSS part 2 DGUX * bmo#1563221 - remove support for older unix in NSS part 1 OSF * bmo#1778413 - Set nssckbi version number to 2.58 * bmp#1785297 - Add two SECOM root certificates to NSS * bmo#1787075 - Add two DigitalSign root certificates to NSS * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS * bmo#1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * bmo#1779361 - Removed skipping of ECH on equality of private and public server name * bmo#1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test * bmo#1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * bmo#1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * bmo# 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * bmo#1771100 - Update BoGo tests to recent BoringSSL version * bmo#1785846 - Bump minimum NSPR version to 4.34.1 - update to NSS 3.82 * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length * bmo#1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * bmo#1784191 - Cast the result of GetProcAddress * bmo#1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI. - update to NSS 3.81 * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued * bmo#1779285 - Add no_application_protocol alert handler and test client error code is set * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (boo#1202118) - update to NSS 3.80 * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * bmo#1617956 - Add support for asynchronous client auth hooks. * bmo#1497537 - nss-policy-check: make unknown keyword check optional. * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * bmo#1773022 - Mark 3.79 as an ESR release. * bmo#1764206 - Bump nssckbi version number for June. * bmo#1759815 - Remove Hellenic Academic 2011 Root. * bmo#1770267 - Add E-Tugra Roots. * bmo#1768970 - Add Certainly Roots. * bmo#1764392 - Add DigitCert Roots. * bmo#1759794 - Protect SFTKSlot needLogin with slotLock. * bmo#1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld. * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1760998 - Avoid data race on primary password change. * bmo#1769063 - Replace ppc64 dcbzl intrinisic. * bmo#1771036 - Allow LDFLAGS override in makefile builds. - Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with fixes to PBKDF2 parameter validation. - Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to validate extra PBKDF2 parameters according to FIPS 140-3. - Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to update session-&gt;lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. - Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some excess code. - Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546). - Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency checks. Thanks to Martin for the DHKey parts. - Add manpages to mozilla-nss-tools (bsc#1208242) Package lvm2 was updated: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch Package _product:SLES-release was updated: Package google-guest-configs was updated: - Update to version 20230808.00 (bsc#1214546, bsc#1214572) * 64-gce-disk-removal.rules: delete (#51) - from version 20230801.00 * Replace xxd with dd for google_nvme_id (#56) - from version 20230729.00 * Setup irq binding for a3 8g vm (#57) - from version 20230724.00 * Debian packaging: add xxd dependency (#55) - Update to version 20230626.00 (bsc#1212418, bsc#1212759) * Revert &quot;Replace `xxd` to `cut` for google_nvme_id (#49)&quot; (#54) - Update to version 20230526.00 * dracut: Add a new dracut module for gcp udev rules (#53) - from version 20230522.00 * src/lib/udev: only create symlinks for GCP devices (#52) - from version 20230515.00 * Replace `xxd` to `cut` for google_nvme_id (#49) - from version 20230328.00 * Set hostname: consider fully qualified static hostname (#46) - Update to version 20230217.01 * Support multiple local SSD controllers (#39) - from version 20230217.00 * Update OWNERS (#45) - from version 20230215.00 * DHCP hostname: don't reset hostname if the hostname hasn't changed (#44) - from version 20230202.00 * Update OWNERS file (#43) - from version 20230123.00 * Fix a repository URL in packaging specs (#41) Package util-linux was updated: - Add upstream patch util-linux-bash-completion-shell-character-escape-CVE-2018-7738.patch Fix shell code injection in umount bash-completions (bsc#1213865, CVE-2018-7738) - util-linux-fix-tests-when-at-symbol-in-path.patch: Add patch to util-linux-systemd and python3-libmount, as it was previously only included in util-linux. - Add upstream patch fix-lib-internal-cache-size.patch bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9 Package autofs was updated: - autofs-5.1.8-dont-use-initgroups-at-spawn.patch Don't use initgroups at spawn (bsc#1214710) - autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch Fix off-by-one error in recursive map handling. (bsc#1209653) Package fonts-config was updated: - get the homedir from getpwuid when no $ENV{&quot;HOME&quot;} set- added patches fix bsc#1210700 + fonts-config-homedir-getpwuid.patch Package ntp was updated: - bsc#1215801: Use system-supplied libevent instead of local copy. - Update to 4.2.8p17: * Fix some regressions of 4.2.8p16 - Update to 4.2.8p16: * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date * [Sec 3807], bsc#1210390, CVE-2023-26555: praecis_parse() in the Palisade refclock driver has a hypothetical input buffer overflow. * [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled. * Obsoletes: ntp-CVE-2023-26551.patch, ntp-sntp-dst.patch, ntp-ENOBUFS.patch * Multiple bug fixes and improvements. For details, see: /usr/share/doc/packages/ntp/ChangeLog http://www.ntp.org/support/securitynotice/4_2_8-series-changelog/ - Follow upstream's suggestion to build with debugging disabled: https://www.ntp.org/support/securitynotice/ntpbug3767/ - bsc#1210386: out-of-bounds writes in mstolfp() * CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554 * Add ntp-CVE-2023-26551.patch Package python-base was updated: - (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - Allow nis.so for SLE-12. - (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - Remove BOTH CVE-2023-27043-email-parsing-errors.patch and Revert-gh105127-left-tests.patch (as per discussion on bsc#1210638). - Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217) - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). - Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch. - python-2.7.5-multilib.patch: Update for riscv64 - Don't fail if _ctypes or dl extension was not built - The condition around libnsl-devel BuildRequires is NOT switching off NIS support on SLE &lt; 15, support for NIS used to be in the glibc itself. Partial revert of sr#1061583. - Add PygmentsBridge-trime_doctest_flags.patch to allow build of the documentation even with the current Sphinx. (SUSE-ONLY PATCH, DO NOT SEND UPSTREAM!) - Enable --with-system-ffi for non-standard architectures. - SLE-12 builds nis.so as well. - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters - Disable NIS for new products, it's deprecated and gets removed - Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE. - Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12. Package regionServiceClientConfigGCE was updated: - Update to version 4.0.1 (bsc#1217538) + Replace 130.211.242.136.pem and 130.211.88.88.pem certs expiring in 8 years and new length of 4096 These certs will replace the current certs that expire soon - Update to version 4.0.0 (bsc#1199668) + Move the cert location to /usr for compatibility with ro setup of SLE-Micro + Fix url in spec file to pint to the proper location of the source Package samba was updated: - Add new idmap_nss option 'use_upn' for those NSS modules able to handle UPNs or DOMAIN/user name format; (bsc#1215369); - Avoid unnecessary locking in idmap parent setup; (bsc#1215369); - Do not try to set domain online in the idmap child; (bsc#1215369); (bso#15317). - CVE-2023-4091: samba: Client can truncate file with read-only permissions; (bsc#1215904); (bso#15439). - secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384). - CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). - CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). - CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). - CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). Package python-urllib3 was updated: - Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803) gh#urllib3/urllib3@4e98d57809da - Add CVE-2023-43804.patch (bsc#1215968, CVE-2023-43804) gh#urllib3/urllib3#3139 * Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. Package libseccomp was updated: - Speed up database handling when handling lots of rules like in docker (bsc#1209407) Added backported patches: - 01-21b98d85e8bfdb701a5f9afd54ff5175af910a45.patch - 02-19af04da86e9a4168a443f3563fc7aec8839edf0.patch Package python was updated: - (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - Allow nis.so for SLE-12. - (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - Remove BOTH CVE-2023-27043-email-parsing-errors.patch and Revert-gh105127-left-tests.patch (as per discussion on bsc#1210638). - Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217) - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). - Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch. - python-2.7.5-multilib.patch: Update for riscv64 - Don't fail if _ctypes or dl extension was not built - The condition around libnsl-devel BuildRequires is NOT switching off NIS support on SLE &lt; 15, support for NIS used to be in the glibc itself. Partial revert of sr#1061583. - Add PygmentsBridge-trime_doctest_flags.patch to allow build of the documentation even with the current Sphinx. (SUSE-ONLY PATCH, DO NOT SEND UPSTREAM!) - Enable --with-system-ffi for non-standard architectures. - SLE-12 builds nis.so as well. - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters - Disable NIS for new products, it's deprecated and gets removed - Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE. - Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12. Package avahi was updated: - Add avahi-CVE-2023-38473.patch: derive alternative host name from its unescaped version (bsc#1216419 CVE-2023-38473). - Add avahi-CVE-2023-1981.patch: emit error if requested service is not found (boo#1210328 CVE-2023-1981). Package yast2-transfer was updated: - Fixed TFTP download, truncate the target file to avoid garbage at the end of the file when saving to an already existing file (bsc#1208754) - 3.1.4 Package krb5 was updated: - Ensure array count consistency in kadm5 RPC; (bsc#1214054); (CVE-2023-36054); - Added patches: * 0127-Ensure-array-count-consistency-in-kadm5-RPC.patch - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1211411); Package suse-module-tools was updated: - Update to version 12.13: added blacklist entries in modprobe.conf * blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559) * blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829) * blacklist isst_if_mbox_msr (bsc#1187196) Package util-linux-systemd was updated: - Add upstream patch util-linux-bash-completion-shell-character-escape-CVE-2018-7738.patch Fix shell code injection in umount bash-completions (bsc#1213865, CVE-2018-7738) - util-linux-fix-tests-when-at-symbol-in-path.patch: Add patch to util-linux-systemd and python3-libmount, as it was previously only included in util-linux. - Add upstream patch fix-lib-internal-cache-size.patch bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9 - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - Add util-linux-fix-tests-when-at-symbol-in-path.patch Package ca-certificates-mozilla was updated: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 Package cloud-regionsrv-client was updated: - Update to version 10.1.5 (bsc#1217583) + Fix fallback path when IPv6 network path is not usable + Enable an IPv6 fallback path in IMDS access if it cannot be accessed over IPv4 + Enable IMDS access over IPv6 - Update to version 10.1.4 (bsc#1217451) + Fetch cert for new update server during failover - Update to version 10.1.3 (bsc#1214801) + Add a warning if we detect a Python package cert bundle for certifi This will help with debugging and point to potential issues when using SUSE images in AWS, Azure, and GCE - Update to version 10.1.2 (bsc#1211282) + Properly handle Ipv6 when checking update server responsiveness. If not available fall back and use IPv4 information + Use systemd_ordered to allow use in a container without pulling systemd into the container as a requirement - Update to version 10.1.1 (bsc#1210020, bsc#1210021) + Clean up the system if baseproduct registraion fails to leave the system in prestine state + Log when the registercloudguest command is invoked with --clean - Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 ) - Removes a warning about system_token entry present in the credentials file. - Adds logrotate configuration for log rotation. - Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 ) - Removes a warning about system_token entry present in the credentials file. - Adds logrotate configuration for log rotation. Package perl was updated: - enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484] new patch: perl-cpan_verify_cert.diff Package coreutils was updated: - Add coreutils-chcon-skip-validation-if-selinux-disabled.patch to avoid unnecessary failure in case SELinux is disabled. (bsc#1212999) Package google-guest-agent was updated: - Update to version 20230601.00 (bsc#1212418, bsc#1212759) * Revert &quot;Avoid conflict with automated package updates (#212)&quot; (#214) * Don't block google-osconfig-agent (#213) - from version 20230531.00 * Avoid conflict with automated package updates (#212) * Add a support of TrustedUserCAKeys into sshd configuration (#206) - Update to version 20230510.00 * Fix dependencies after updating go ver to 1.17 (#211) * Update Go version (#210) - from version 20230426.00 * Fix compilation directives (#207) - from version 20230403.00 * Mod update (#205) * Update mod: update golang.org/x/net to 0.8.0 and its dependencies (#204) Package curl was updated: - Fix: libssh: Implement SFTP packet size limit (bsc#1216987) * Add curl-libssh_Implement_SFTP_packet_size_limit.patch - Security fixes: * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch - Security fixes: * [bsc#1215888, CVE-2023-38545] SOCKS5 heap buffer overflow * [bsc#1215889, CVE-2023-38546] Cookie injection with none file * Add curl-CVE-2023-38545.patch curl-CVE-2023-38546.patch - Security fix: [bsc#1215026, CVE-2023-38039] * http: return error when receiving too large header * Add curl-CVE-2023-38039.patch - Security fix: [bsc#1213237, CVE-2023-32001] * fopen race condition: libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called 'stat()' followed by 'fopen()' in a way that made it vulnerable to a TOCTOU race condition problem. * Add curl-CVE-2023-32001.patch - Security fixes: * [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256 fingerprint check. - Add curl-CVE-2023-28319.patch * [bsc#1211231, CVE-2023-28320] siglongjmp race condition - Add curl-CVE-2023-28320.patch * [bsc#1211232, CVE-2023-28321] IDN wildcard matching - Add curl-CVE-2023-28321.patch * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion - Add curl-CVE-2023-28322.patch - Update to 8.0.1: [jsc#PED-2580] * Remove the curl-mini package and associated files: - curl-mini.changes curl-mini.spec pre_checkin.sh * Rebase curl-use_DEFAULT_SUSE_cipher.patch * Remove patches fixed in the update: - curl-check-content-type.patch - curl-fix-O_APPEND.patch - curl-libssh-socket.patch - curl-X509_V_FLAG_PARTIAL_CHAIN.patch - curl-CVE-2018-0500.patch curl-CVE-2018-14618.patch - curl-CVE-2018-16839.patch curl-CVE-2018-16840.patch - curl-CVE-2018-16842.patch curl-CVE-2018-16890.patch - curl-CVE-2019-3822.patch curl-CVE-2019-3823.patch - curl-CVE-2019-5436.patch curl-CVE-2019-5481.patch - curl-CVE-2019-5482.patch curl-CVE-2020-8177.patch - curl-CVE-2020-8231.patch curl-CVE-2020-8284.patch - curl-CVE-2020-8285.patch curl-CVE-2020-8286.patch - curl-CVE-2021-22876.patch curl-CVE-2021-22876-URL-API.patch - curl-CVE-2021-22898.patch curl-CVE-2021-22924.patch - curl-CVE-2021-22925.patch curl-CVE-2021-22946.patch - curl-CVE-2021-22947.patch curl-CVE-2023-27534-dynbuf.patch - curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch - curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch - curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch - curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch - curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch - curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch - curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch - curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch - Update to 8.0.1: * Bugfixes: - fix crash in curl_easy_cleanup - Update to 8.0.0: * Security fixes: - TELNET option IAC injection [bsc#1209209, CVE-2023-27533] - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534] - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535] - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536] - HSTS double-free [bsc#1209213, CVE-2023-27537] - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538] * Changes: - build: remove support for curl_off_t &lt; 8 bytes * Bugfixes: - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3 - BINDINGS: add Fortran binding - cf-socket: use port 80 when resolving name for local bind - cookie: don't load cookies again when flushing - curl_path: create the new path with dynbuf - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure - ftp: active mode with SSL, add the filter - hostip: avoid sscanf and extra buffer copies - http2: fix for http2-prior-knowledge when reusing connections - http2: fix handling of RST and GOAWAY to recognize partial transfers - http: don't send 100-continue for short PUT requests - http: fix unix domain socket use in https connects - libssh: use dynbuf instead of realloc - ngtcp2-gnutls.yml: bump to gnutls 3.8.0 - sectransp: make read_cert() use a dynbuf when loading - telnet: only accept option arguments in ascii - telnet: parse telnet options without sscanf - url: fix the SSH connection reuse check - url: only reuse connections with same GSS delegation - urlapi: '%' is illegal in host names - ws: keep the socket non-blocking * Rebase libcurl-ocloexec.patch Package openldap2 was updated: - bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x * 0227-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch Package nghttp2 was updated: - security update- added patches fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack + nghttp2-CVE-2023-44487.patch - Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback fails with a fatal error. [CVE-2023-35945 bsc#1215713] + nghttp2-CVE-2023-35945.patch Package mozilla-nspr was updated: - update to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture Package apparmor was updated: - Explicitly prefer apache2 instead of apache2-tls13; (bsc#1213941) - Add samba-fix-log-plugin-denied.patch to fix apparmor profile denied log messages for samba/winbind; (bsc#1208798). Package systemd was updated: - Import commit cdbaab11e02eb29810963d9248677cf5ce84dc7f bf57bec240 man: document that PAMName= and NotifyAccess=all don't mix well. 823ec43d38 man: add brief documentation for the (sd-pam) processes created due to PAMName= (#4967) 256f8e70d2 service: accept the fact that the three xyz_good() functions return ints 2a62219d4d service: drop _pure_ decorator on static function 14e71b9180 service: a cgroup empty notification isn't reason enough to go down (bsc#1212207) 943f812b3d service: add explanatory comments to control_pid_good() and cgroup_good() 87a54d3060 service: fix main_pid_good() comment - Import commit 17837e912c887402ff309215056d441b2881f9b6 27e9161566 utmp-wtmp: handle EINTR gracefully when waiting to write to tty 557ac78b1c utmp-wtmp: fix error in case isatty() fails 3e0bde3ade sd-netlink: handle EINTR from poll() gracefully, as success 61d939f79a stdio-bridge: don't be bothered with EINTR 367ee82375 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241) acca59ec26 libsystemd: ignore both EINTR and EAGAIN 0ae5743060 errno-util: introduce ERRNO_IS_TRANSIENT() - Import commit f4af8cbfb8ddc2baddfd992ebff0fb4858e4f651 02dde27b0e man/systemd-fsck@.service: clarify passno and noauto combination in /etc/fstab (bsc#1211725) 9f0a3ab847 units/initrd-parse-etc.service: Conflict with emergency.target 98035f2aa8 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576) 0a8225faea core/mount: Don't unmount initramfs mounts 9eaf1537b4 man: describe that changing Storage= does not move existing data Package ca-certificates was updated: Package python3 was updated: - (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - (bsc#1214677, CVE-2022-48564) Add CVE-2022-48564-DoS-read_ints-plistlib.patch fixing gh#python/cpython#86269 (backport from 3.6), which prevents DoS when processing malformed Apple Property List files in binary format. - Skip test_plistlib.test_identity test on aarch64. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). - Add 99366-patch.dict-can-decorate-async.patch fixing gh#python/cpython#98086 (backport from Python 3.10 patch in gh#python/cpython!99366), fixing bsc#1211158. - Add stack_overflow_test_endless_recursion.patch to avoid failing test. - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706). CURRENTLY SWITCHED OFF, AS IT IS STILL WIP AND UNDEBUGGED - Use python3 modules to build the documentation. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://publiccloudimagechangeinfo.suse.com/google/sles-12-sp5-byos-v20240125-x86-64/ Public Cloud Image Info https://www.suse.com/support/security/rating/ SUSE Security Ratings Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 autofs-5.1.3-3.17.1 bind-utils-9.11.22-3.49.1 binutils-2.41-9.53.1 ca-certificates-1_201403302107-15.9.1 ca-certificates-mozilla-2.62-12.43.1 cloud-netconfig-gce-1.8-30.1 cloud-regionsrv-client-10.1.5-52.102.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.102.1 coreutils-8.25-13.16.1 cron-4.2-59.22.1 cronie-1.4.11-59.22.1 cryptsetup-2.0.6-3.6.1 cups-libs-1.7.5-20.46.1 curl-8.0.1-11.83.2 dbus-1-1.8.22-44.1 dbus-1-x11-1.8.22-44.1 device-mapper-1.02.172-12.9.4 dmidecode-3.0-10.6.1 dracut-044.2-127.1 fonts-config-20180430-6.13.1 gawk-4.1.0-5.3.1 glib2-tools-2.48.2-12.34.1 glibc-2.22-114.31.1 glibc-i18ndata-2.22-114.31.1 glibc-locale-2.22-114.31.1 google-guest-agent-20230601.00-1.32.3 google-guest-configs-20230808.00-1.26.1 google-osconfig-agent-20230706.02-1.23.3 gpg2-2.0.24-9.14.1 grub2-2.02-169.1 grub2-i386-pc-2.02-169.1 grub2-x86_64-efi-2.02-169.1 insserv-compat-0.1-14.6.1 kernel-default-4.12.14-122.189.1 krb5-1.12.5-40.52.1 krb5-client-1.12.5-40.52.1 libX11-6-1.6.2-12.33.1 libX11-data-1.6.2-12.33.1 libapparmor1-2.8.2-56.12.1 libavahi-client3-0.6.32-32.21.1 libavahi-common3-0.6.32-32.21.1 libbind9-161-9.11.22-3.49.1 libblkid1-2.33.2-4.33.1 libcap2-2.26-14.9.1 libcryptsetup12-2.0.6-3.6.1 libctf-nobfd0-2.41-9.53.1 libctf0-2.41-9.53.1 libcurl4-8.0.1-11.83.2 libdb-4_8-4.8.30-36.1 libdbus-1-3-1.8.22-44.1 libdns1110-9.11.22-3.49.1 libfdisk1-2.33.2-4.33.1 libgcc_s1-13.2.1+git7813-1.10.1 libgio-2_0-0-2.48.2-12.34.1 libglib-2_0-0-2.48.2-12.34.1 libgmodule-2_0-0-2.48.2-12.34.1 libgobject-2_0-0-2.48.2-12.34.1 libirs161-9.11.22-3.49.1 libisc1107-9.11.22-3.49.1 libisccc161-9.11.22-3.49.1 libisccfg163-9.11.22-3.49.1 libldap-2_4-2-2.4.41-22.19.1 liblwres161-9.11.22-3.49.1 libmount1-2.33.2-4.33.1 libncurses5-5.9-85.1 libncurses6-5.9-85.1 libnghttp2-14-1.39.2-3.13.1 libopenssl1_0_0-1.0.2p-3.87.1 libopenssl1_1-1.1.1d-2.101.1 libparted0-3.1-37.26.1 libprocps3-3.3.9-11.30.1 libpython2_7-1_0-2.7.18-33.26.1 libpython3_4m1_0-3.4.10-25.116.1 libpython3_6m1_0-3.6.15-49.1 libseccomp2-2.4.1-11.6.1 libsmartcols1-2.33.2-4.33.1 libsqlite3-0-3.44.0-9.29.1 libstdc++6-13.2.1+git7813-1.10.1 libsystemd0-228-157.57.1 libudev1-228-157.57.1 libuuid1-2.33.2-4.33.1 libxml2-2-2.9.4-46.68.2 libz1-1.2.11-11.37.1 libzypp-16.22.11-59.2 lvm2-2.02.188-12.9.4 mozilla-nspr-4.35-19.29.1 mozilla-nss-certs-3.90.1-58.107.2 ncurses-utils-5.9-85.1 nfs-client-1.3.0-34.50.1 nfs-kernel-server-1.3.0-34.50.1 nscd-2.22-114.31.1 ntp-4.2.8p17-106.7.1 openldap2-client-2.4.41-22.19.1 openslp-2.0.0-24.5.2 openssh-7.2p2-81.8.1 openssl-1_0_0-1.0.2p-3.87.1 pam-1.1.8-24.56.1 parted-3.1-37.26.1 patterns-sles-Minimal-12-12.12.1 perl-5.18.2-12.26.1 perl-Bootloader-0.944-3.3.1 perl-base-5.18.2-12.26.1 permissions-20170707-6.16.1 procps-3.3.9-11.30.1 python-2.7.18-33.26.1 python-base-2.7.18-33.26.1 python-bind-9.11.22-3.49.1 python-chardet-3.0.4-5.9.2 python-cryptography-2.8-7.42.2 python-requests-2.24.0-8.14.1 python-urllib3-1.25.10-3.37.1 python-xml-2.7.18-33.26.1 python3-3.4.10-25.116.1 python3-base-3.4.10-25.116.1 python3-chardet-3.0.4-5.9.2 python3-cryptography-2.8-7.42.2 python3-requests-2.24.0-8.17.1 python3-urllib3-1.25.10-3.37.1 python36-base-3.6.15-49.1 regionServiceClientConfigGCE-4.0.1-5.12.1 rsyslog-8.2106.0-8.17.4 samba-client-libs-4.15.13+git.638.942e3211cf-3.91.1 samba-libs-4.15.13+git.638.942e3211cf-3.91.1 shadow-4.2.1-36.6.1 shim-15.7-25.27.1 sqlite3-tcl-3.44.0-9.29.1 supportutils-3.0.12-95.57.1 supportutils-plugin-suse-public-cloud-1.0.8-6.19.1 suse-module-tools-12.13-3.11.1 systemd-228-157.57.1 systemd-sysvinit-228-157.57.1 tar-1.27.1-15.24.1 terminfo-5.9-85.1 terminfo-base-5.9-85.1 udev-228-157.57.1 util-linux-2.33.2-4.33.1 util-linux-systemd-2.33.2-4.33.1 vim-9.0.2103-17.26.1 vim-data-common-9.0.2103-17.26.1 wget-1.14-21.16.1 wicked-0.6.73-3.24.1 wicked-service-0.6.73-3.24.1 yast2-registration-3.3.2-3.7.4 yast2-samba-client-3.1.24-3.6.1 yast2-transfer-3.1.4-5.3.2 zypper-1.13.65-21.58.2 autofs-5.1.3-3.17.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 bind-utils-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 binutils-2.41-9.53.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 ca-certificates-1_201403302107-15.9.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 ca-certificates-mozilla-2.62-12.43.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 cloud-netconfig-gce-1.8-30.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 cloud-regionsrv-client-10.1.5-52.102.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 cloud-regionsrv-client-plugin-gce-1.0.0-52.102.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 coreutils-8.25-13.16.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 cron-4.2-59.22.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 cronie-1.4.11-59.22.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 cryptsetup-2.0.6-3.6.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 cups-libs-1.7.5-20.46.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 curl-8.0.1-11.83.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 dbus-1-1.8.22-44.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 dbus-1-x11-1.8.22-44.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 device-mapper-1.02.172-12.9.4 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 dmidecode-3.0-10.6.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 dracut-044.2-127.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 fonts-config-20180430-6.13.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 gawk-4.1.0-5.3.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 glib2-tools-2.48.2-12.34.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 glibc-2.22-114.31.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 glibc-i18ndata-2.22-114.31.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 glibc-locale-2.22-114.31.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 google-guest-agent-20230601.00-1.32.3 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 google-guest-configs-20230808.00-1.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 google-osconfig-agent-20230706.02-1.23.3 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 gpg2-2.0.24-9.14.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 grub2-2.02-169.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 grub2-i386-pc-2.02-169.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 grub2-x86_64-efi-2.02-169.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 insserv-compat-0.1-14.6.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 kernel-default-4.12.14-122.189.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 krb5-1.12.5-40.52.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 krb5-client-1.12.5-40.52.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libX11-6-1.6.2-12.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libX11-data-1.6.2-12.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libapparmor1-2.8.2-56.12.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libavahi-client3-0.6.32-32.21.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libavahi-common3-0.6.32-32.21.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libbind9-161-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libblkid1-2.33.2-4.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libcap2-2.26-14.9.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libcryptsetup12-2.0.6-3.6.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libctf-nobfd0-2.41-9.53.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libctf0-2.41-9.53.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libcurl4-8.0.1-11.83.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libdb-4_8-4.8.30-36.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libdbus-1-3-1.8.22-44.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libdns1110-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libfdisk1-2.33.2-4.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libgcc_s1-13.2.1+git7813-1.10.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libgio-2_0-0-2.48.2-12.34.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libglib-2_0-0-2.48.2-12.34.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libgmodule-2_0-0-2.48.2-12.34.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libgobject-2_0-0-2.48.2-12.34.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libirs161-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libisc1107-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libisccc161-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libisccfg163-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libldap-2_4-2-2.4.41-22.19.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 liblwres161-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libmount1-2.33.2-4.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libncurses5-5.9-85.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libncurses6-5.9-85.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libnghttp2-14-1.39.2-3.13.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libopenssl1_0_0-1.0.2p-3.87.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libopenssl1_1-1.1.1d-2.101.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libparted0-3.1-37.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libprocps3-3.3.9-11.30.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libpython2_7-1_0-2.7.18-33.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libpython3_4m1_0-3.4.10-25.116.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libpython3_6m1_0-3.6.15-49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libseccomp2-2.4.1-11.6.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libsmartcols1-2.33.2-4.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libsqlite3-0-3.44.0-9.29.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libstdc++6-13.2.1+git7813-1.10.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libsystemd0-228-157.57.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libudev1-228-157.57.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libuuid1-2.33.2-4.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libxml2-2-2.9.4-46.68.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libz1-1.2.11-11.37.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 libzypp-16.22.11-59.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 lvm2-2.02.188-12.9.4 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 mozilla-nspr-4.35-19.29.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 mozilla-nss-certs-3.90.1-58.107.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 ncurses-utils-5.9-85.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 nfs-client-1.3.0-34.50.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 nfs-kernel-server-1.3.0-34.50.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 nscd-2.22-114.31.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 ntp-4.2.8p17-106.7.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 openldap2-client-2.4.41-22.19.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 openslp-2.0.0-24.5.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 openssh-7.2p2-81.8.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 openssl-1_0_0-1.0.2p-3.87.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 pam-1.1.8-24.56.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 parted-3.1-37.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 patterns-sles-Minimal-12-12.12.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 perl-5.18.2-12.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 perl-Bootloader-0.944-3.3.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 perl-base-5.18.2-12.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 permissions-20170707-6.16.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 procps-3.3.9-11.30.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-2.7.18-33.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-base-2.7.18-33.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-bind-9.11.22-3.49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-chardet-3.0.4-5.9.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-cryptography-2.8-7.42.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-requests-2.24.0-8.14.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-urllib3-1.25.10-3.37.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python-xml-2.7.18-33.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python3-3.4.10-25.116.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python3-base-3.4.10-25.116.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python3-chardet-3.0.4-5.9.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python3-cryptography-2.8-7.42.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python3-requests-2.24.0-8.17.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python3-urllib3-1.25.10-3.37.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 python36-base-3.6.15-49.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 regionServiceClientConfigGCE-4.0.1-5.12.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 rsyslog-8.2106.0-8.17.4 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 samba-client-libs-4.15.13+git.638.942e3211cf-3.91.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 samba-libs-4.15.13+git.638.942e3211cf-3.91.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 shadow-4.2.1-36.6.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 shim-15.7-25.27.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 sqlite3-tcl-3.44.0-9.29.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 supportutils-3.0.12-95.57.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 supportutils-plugin-suse-public-cloud-1.0.8-6.19.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 suse-module-tools-12.13-3.11.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 systemd-228-157.57.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 systemd-sysvinit-228-157.57.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 tar-1.27.1-15.24.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 terminfo-5.9-85.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 terminfo-base-5.9-85.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 udev-228-157.57.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 util-linux-2.33.2-4.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 util-linux-systemd-2.33.2-4.33.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 vim-9.0.2103-17.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 vim-data-common-9.0.2103-17.26.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 wget-1.14-21.16.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 wicked-0.6.73-3.24.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 wicked-service-0.6.73-3.24.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 yast2-registration-3.3.2-3.7.4 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 yast2-samba-client-3.1.24-3.6.1 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 yast2-transfer-3.1.4-5.3.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 zypper-1.13.65-21.58.2 as a component of Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64 Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython3_4m1_0-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-base-3.4.10-25.116.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). CVE-2018-0500 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. CVE-2018-16839 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. CVE-2018-16842 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVE-2018-3639 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. CVE-2018-7738 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libblkid1-2.33.2-4.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libfdisk1-2.33.2-4.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libmount1-2.33.2-4.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libsmartcols1-2.33.2-4.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libuuid1-2.33.2-4.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:util-linux-2.33.2-4.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:util-linux-systemd-2.33.2-4.33.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:gpg2-2.0.24-9.14.1 low 5 AV:N/AC:L/Au:N/C:P/I:N/A:N libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. CVE-2019-3822 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. CVE-2019-5436 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. CVE-2019-5482 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. CVE-2020-19726 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 important Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. CVE-2020-26555 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate 4.8 AV:A/AC:L/Au:N/C:P/I:P/A:N An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. CVE-2020-36691 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct. CVE-2020-36766 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 low Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 low 5 AV:N/AC:L/Au:N/C:P/I:N/A:N curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. CVE-2020-8285 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. CVE-2021-22876 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. CVE-2021-22898 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. CVE-2021-22925 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. CVE-2021-22947 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. CVE-2021-32256 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. CVE-2022-2127 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-client-libs-4.15.13+git.638.942e3211cf-3.91.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-libs-4.15.13+git.638.942e3211cf-3.91.1 moderate An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). CVE-2022-22576 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. CVE-2022-2586 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. CVE-2022-27781 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. CVE-2022-28737 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:shim-15.7-25.27.1 important curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. CVE-2022-32206 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. CVE-2022-32221 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 important An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. CVE-2022-35205 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. CVE-2022-35206 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 moderate A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. CVE-2022-3566 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). CVE-2022-36402 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-40982 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE-2022-4285 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 moderate A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. CVE-2022-4304 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_1-1.1.1d-2.101.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 moderate A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. CVE-2022-43552 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. CVE-2022-44840 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 important A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. CVE-2022-45154 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:supportutils-3.0.12-95.57.1 moderate Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. CVE-2022-45703 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 important An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. CVE-2022-45884 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. CVE-2022-45885 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. CVE-2022-45886 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. CVE-2022-45887 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. CVE-2022-45919 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libsqlite3-0-3.44.0-9.29.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:sqlite3-tcl-3.44.0-9.29.1 important An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. CVE-2022-47673 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 important An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. CVE-2022-47695 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 important An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. CVE-2022-47696 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 important GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVE-2022-48063 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 moderate GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVE-2022-48064 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. CVE-2022-48065 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 moderate read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVE-2022-48564 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython3_4m1_0-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-base-3.4.10-25.116.1 moderate An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython2_7-1_0-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython3_4m1_0-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-base-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-xml-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-base-3.4.10-25.116.1 moderate An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. CVE-2022-48566 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython2_7-1_0-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython3_4m1_0-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-base-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-xml-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-base-3.4.10-25.116.1 moderate There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. CVE-2023-0286 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_1-1.1.1d-2.101.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 important A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. CVE-2023-0394 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 CVE-2023-0459 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c CVE-2023-0461 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. CVE-2023-0465 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 moderate The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. CVE-2023-0466 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 low ** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. CVE-2023-0687 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low 4 AV:A/AC:H/Au:S/C:P/I:P/A:P In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. CVE-2023-1077 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. CVE-2023-1079 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1127 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 moderate A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service. CVE-2023-1192 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. CVE-2023-1206 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. CVE-2023-1249 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVE-2023-1264 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 moderate NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. CVE-2023-1355 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 moderate A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. CVE-2023-1380 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 low Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. CVE-2023-1579 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea CVE-2023-1611 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks. CVE-2023-1637 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. CVE-2023-1670 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. CVE-2023-1829 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:suse-module-tools-12.13-3.11.1 important A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. CVE-2023-1855 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. CVE-2023-1859 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 low A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. CVE-2023-1972 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. CVE-2023-1981 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libavahi-client3-0.6.32-32.21.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libavahi-common3-0.6.32-32.21.1 moderate A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. CVE-2023-1989 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. CVE-2023-1990 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. CVE-2023-1998 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. CVE-2023-2002 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. CVE-2023-2007 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. CVE-2023-20569 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-2124 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-2137 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libsqlite3-0-3.44.0-9.29.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:sqlite3-tcl-3.44.0-9.29.1 important A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. CVE-2023-2162 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. CVE-2023-2176 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. CVE-2023-2194 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate ** REJECT ** This was deemed not a security vulnerability by upstream. CVE-2023-2222 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. CVE-2023-2269 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. CVE-2023-23559 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:suse-module-tools-12.13-3.11.1 moderate Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. CVE-2023-2426 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 moderate An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython2_7-1_0-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-base-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-xml-2.7.18-33.26.1 important ** REJECT ** Rejected by upstream. CVE-2023-24593 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:glib2-tools-2.48.2-12.34.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libgio-2_0-0-2.48.2-12.34.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libglib-2_0-0-2.48.2-12.34.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libgmodule-2_0-0-2.48.2-12.34.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libgobject-2_0-0-2.48.2-12.34.1 moderate ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2023-2483 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. CVE-2023-2513 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. CVE-2023-25585 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2023-25587 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. CVE-2023-25588 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:binutils-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf-nobfd0-2.41-9.53.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libctf0-2.41-9.53.1 low A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. CVE-2023-2603 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcap2-2.26-14.9.1 moderate NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. CVE-2023-2609 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 important Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. CVE-2023-2610 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 important Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. CVE-2023-2650 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_1-1.1.1d-2.101.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 moderate mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. CVE-2023-26551 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:ntp-4.2.8p17-106.7.1 moderate praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. CVE-2023-26555 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:ntp-4.2.8p17-106.7.1 moderate The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVE-2023-27043 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython2_7-1_0-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython3_4m1_0-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-base-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-xml-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-3.4.10-25.116.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-base-3.4.10-25.116.1 moderate A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. CVE-2023-27533 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. CVE-2023-27534 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. CVE-2023-27535 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. CVE-2023-27536 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. CVE-2023-27537 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. CVE-2023-27538 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. CVE-2023-2828 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:bind-utils-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libbind9-161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libdns1110-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libirs161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libisc1107-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libisccc161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libisccfg163-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:liblwres161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-bind-9.11.22-3.49.1 important A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. CVE-2023-28319 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. CVE-2023-28320 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 low An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. CVE-2023-28321 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. CVE-2023-28322 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). CVE-2023-28466 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. CVE-2023-28484 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libxml2-2-2.9.4-46.68.2 moderate An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. CVE-2023-2860 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. CVE-2023-29383 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:shadow-4.2.1-36.6.1 moderate An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). CVE-2023-29469 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libxml2-2-2.9.4-46.68.2 moderate ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. CVE-2023-29491 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libncurses5-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libncurses6-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:ncurses-utils-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:terminfo-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:terminfo-base-5.9-85.1 moderate A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. CVE-2023-2953 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libldap-2_4-2-2.4.41-22.19.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openldap2-client-2.4.41-22.19.1 moderate A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. CVE-2023-2985 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:dmidecode-3.0-10.6.1 moderate The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. CVE-2023-30772 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. CVE-2023-3090 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. CVE-2023-31083 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. CVE-2023-31084 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. CVE-2023-31085 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). CVE-2023-3111 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. CVE-2023-3138 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-6-1.6.2-12.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-data-1.6.2-12.33.1 important A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. CVE-2023-3141 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. CVE-2023-31436 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:perl-5.18.2-12.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:perl-base-5.18.2-12.26.1 important A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. CVE-2023-3159 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. CVE-2023-3161 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate ** REJECT ** We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. CVE-2023-32001 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. CVE-2023-32269 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication. CVE-2023-32324 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:cups-libs-1.7.5-20.46.1 moderate An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. CVE-2023-32360 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:cups-libs-1.7.5-20.46.1 moderate An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. CVE-2023-3268 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. CVE-2023-32681 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-requests-2.24.0-8.14.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-requests-2.24.0-8.17.1 moderate The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. CVE-2023-3341 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:bind-utils-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libbind9-161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libdns1110-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libirs161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libisc1107-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libisccc161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libisccfg163-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:liblwres161-9.11.22-3.49.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-bind-9.11.22-3.49.1 important A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. CVE-2023-3358 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue. CVE-2023-34241 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:cups-libs-1.7.5-20.46.1 important The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. CVE-2023-34319 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVE-2023-3446 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_1-1.1.1d-2.101.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 moderate An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. CVE-2023-34966 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-client-libs-4.15.13+git.638.942e3211cf-3.91.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-libs-4.15.13+git.638.942e3211cf-3.91.1 important A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. CVE-2023-34967 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-client-libs-4.15.13+git.638.942e3211cf-3.91.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-libs-4.15.13+git.638.942e3211cf-3.91.1 moderate A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. CVE-2023-34968 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-client-libs-4.15.13+git.638.942e3211cf-3.91.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-libs-4.15.13+git.638.942e3211cf-3.91.1 moderate D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. CVE-2023-34969 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:dbus-1-1.8.22-44.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:dbus-1-x11-1.8.22-44.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libdbus-1-3-1.8.22-44.1 moderate Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace CVE-2023-35001 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. CVE-2023-3567 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. CVE-2023-35824 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11. CVE-2023-35945 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libnghttp2-14-1.39.2-3.13.1 important lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. CVE-2023-36054 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:krb5-1.12.5-40.52.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:krb5-client-1.12.5-40.52.1 important A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. CVE-2023-3609 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. CVE-2023-3611 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. CVE-2023-3772 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. CVE-2023-3776 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. CVE-2023-38039 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 important An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-3812 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVE-2023-3817 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_1-1.1.1d-2.101.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 moderate The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. CVE-2023-38408 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssh-7.2p2-81.8.1 important A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. CVE-2023-38473 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libavahi-client3-0.6.32-32.21.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libavahi-common3-0.6.32-32.21.1 moderate This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. CVE-2023-38545 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 important This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. CVE-2023-38546 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. CVE-2023-3863 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. CVE-2023-39189 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. CVE-2023-39192 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. CVE-2023-39193 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. CVE-2023-39194 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 low An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. CVE-2023-39197 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 low A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. CVE-2023-39198 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. CVE-2023-39615 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libxml2-2-2.9.4-46.68.2 moderate In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-39804 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:tar-1.27.1-15.24.1 low Under some circumstances, this weakness allows a user who has access to run the "ps" utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. CVE-2023-4016 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libprocps3-3.3.9-11.30.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:procps-3.3.9-11.30.1 low An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) CVE-2023-40217 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libpython2_7-1_0-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-base-2.7.18-33.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-xml-2.7.18-33.26.1 important An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. CVE-2023-40283 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions. CVE-2023-4091 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-client-libs-4.15.13+git.638.942e3211cf-3.91.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:samba-libs-4.15.13+git.638.942e3211cf-3.91.1 moderate ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. CVE-2023-4128 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. CVE-2023-4132 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. CVE-2023-4133 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2023-4134 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. CVE-2023-4156 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:gawk-4.1.0-5.3.1 low A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. CVE-2023-4194 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. CVE-2023-42754 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. CVE-2023-43785 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-6-1.6.2-12.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-data-1.6.2-12.33.1 low A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. CVE-2023-43786 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-6-1.6.2-12.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-data-1.6.2-12.33.1 low A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. CVE-2023-43787 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-6-1.6.2-12.33.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libX11-data-1.6.2-12.33.1 low urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. CVE-2023-43804 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-urllib3-1.25.10-3.37.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-urllib3-1.25.10-3.37.1 moderate A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. CVE-2023-4385 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. CVE-2023-4387 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libnghttp2-14-1.39.2-3.13.1 important A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. CVE-2023-4459 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. CVE-2023-4504 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:cups-libs-1.7.5-20.46.1 important ** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." CVE-2023-45322 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libxml2-2-2.9.4-46.68.2 moderate urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. CVE-2023-45803 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python-urllib3-1.25.10-3.37.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:python3-urllib3-1.25.10-3.37.1 moderate MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. CVE-2023-45853 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libz1-1.2.11-11.37.1 moderate An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. CVE-2023-45862 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. CVE-2023-45863 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. CVE-2023-46218 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 moderate When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. CVE-2023-46219 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:curl-8.0.1-11.83.2 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libcurl4-8.0.1-11.83.2 low A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. CVE-2023-4622 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. CVE-2023-4623 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. CVE-2023-46246 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 low A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. CVE-2023-4641 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:shadow-4.2.1-36.6.1 low An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. CVE-2023-4692 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:grub2-2.02-169.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:grub2-i386-pc-2.02-169.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:grub2-x86_64-efi-2.02-169.1 important An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. CVE-2023-4693 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:grub2-2.02-169.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:grub2-i386-pc-2.02-169.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:grub2-x86_64-efi-2.02-169.1 moderate Use After Free in GitHub repository vim/vim prior to 9.0.1840. CVE-2023-4733 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 important Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. CVE-2023-4734 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 moderate Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. CVE-2023-4735 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 low Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. CVE-2023-4738 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 important Use After Free in GitHub repository vim/vim prior to 9.0.1858. CVE-2023-4752 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 important Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. CVE-2023-4781 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 important A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. CVE-2023-4813 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:glibc-2.22-114.31.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:glibc-i18ndata-2.22-114.31.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:glibc-locale-2.22-114.31.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:nscd-2.22-114.31.1 moderate The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. CVE-2023-48795 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssh-7.2p2-81.8.1 important ** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team. CVE-2023-4881 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. CVE-2023-4921 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). CVE-2023-50495 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libncurses5-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libncurses6-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:ncurses-utils-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:terminfo-5.9-85.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:terminfo-base-5.9-85.1 moderate bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. CVE-2023-51779 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVE-2023-5344 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 low NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVE-2023-5441 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 moderate Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVE-2023-5535 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-9.0.2103-17.26.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:vim-data-common-9.0.2103-17.26.1 important Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVE-2023-5678 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_0_0-1.0.2p-3.87.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:libopenssl1_1-1.1.1d-2.101.1 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:openssl-1_0_0-1.0.2p-3.87.1 moderate A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. CVE-2023-5717 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 important An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). CVE-2023-6121 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6610 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. CVE-2023-6931 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. CVE-2023-6932 Public Cloud Image google/sles-12-sp5-byos-v20240125-x86-64:kernel-default-4.12.14-122.189.1 moderate