Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2972
Security update for the Linux Kernel
16 June 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-30594 CVE-2022-21180 CVE-2022-21166
CVE-2022-21127 CVE-2022-21125 CVE-2022-21123
CVE-2022-1734 CVE-2022-1652 CVE-2022-1516
CVE-2022-1419 CVE-2022-1353 CVE-2022-1011
CVE-2021-43389 CVE-2021-39711 CVE-2021-38208
CVE-2021-33061 CVE-2021-20321 CVE-2021-20292
CVE-2019-20811
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20222083-1
Comment: CVSS (Max): 8.4 CVE-2022-30594 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2083-1
Rating: important
References: #1028340 #1065729 #1071995 #1114648 #1172456 #1182171
#1183723 #1187055 #1191647 #1191958 #1195651 #1196426
#1197099 #1197219 #1197343 #1198400 #1198516 #1198660
#1198687 #1198742 #1198825 #1199012 #1199063 #1199314
#1199399 #1199426 #1199505 #1199605 #1199650
Cross-References: CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061
CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011
CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652
CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127
CVE-2022-21166 CVE-2022-21180 CVE-2022-30594
Affected Products:
SUSE Linux Enterprise High Availability 12-SP4
SUSE Linux Enterprise High Performance Computing 12-SP4
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves 19 vulnerabilities, contains one feature and has 10 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
o CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-1652: Fixed a statically allocated error counter inside the floppy
kernel module (bsc#1199063).
o CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
cleanup routine and firmware download routine. (bnc#1199605)
o CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size
Value. This could lead to local information disclosure with System
execution privileges needed. User interaction is not needed for
exploitation (bnc#1197219).
o CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP
flag (bnc#1199505).
o CVE-2021-33061: Fixed insufficient control flow management for the Intel(R)
82599 Ethernet Controllers and Adapters that may have allowed an
authenticated user to potentially enable denial of service via local access
(bnc#1196426).
o CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
o CVE-2021-20321: Fixed a race condition accessing file object in the
OverlayFS subsystem in the way users do rename in specific way with
OverlayFS. A local user could have used this flaw to crash the system (bnc#
1191647).
o CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create
(bsc#1198742).
o CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
o CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count
is mishandled (bnc#1172456).
o CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
BUG) by making a getsockname call after a certain type of failure of a bind
call (bnc#1187055).
o CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register
function in net/key/af_key.c. (bnc#1198516)
o CVE-2021-20292: Fixed object validation prior to performing operations on
the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#
1183723).
o CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a
local attacker to retireve (partial) /etc/shadow hashes or any other data
from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
o btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (bsc#1199399).
o btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (bsc#1199399).
o debug: Lock down kgdb (bsc#1199426).
o dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
o lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124).
o lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124).
o linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124).
o linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124).
o linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#
SLE-24124).
o linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124).
o linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
o linux/dim: Remove "net" prefix from internal DIM members (bsc#1197099 jsc#
SLE-24124).
o linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124).
o linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#
SLE-24124).
o linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099
jsc#SLE-24124).
o net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124).
o net: ena: Add capabilities field with support for ENI stats capability (bsc
#1197099 jsc#SLE-24124).
o net: ena: add device distinct log prefix to files (bsc#1197099 jsc#
SLE-24124).
o net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#
SLE-24124).
o net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#
1197099 jsc#SLE-24124).
o net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#
SLE-24124).
o net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#
SLE-24124).
o net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124).
o net: ena: add support for reporting of packet drops (bsc#1197099 jsc#
SLE-24124).
o net: ena: add support for the rx offset feature (bsc#1197099 jsc#
SLE-24124).
o net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124).
o net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#
SLE-24124).
o net: ena: aggregate stats increase into a function (bsc#1197099 jsc#
SLE-24124).
o net: ena: allow setting the hash function without changing the key (bsc#
1197099 jsc#SLE-24124).
o net: ena: avoid memory access violation by validating req_id properly (bsc#
1197099 jsc#SLE-24124).
o net: ena: avoid unnecessary admin command when RSS function set fails (bsc#
1197099 jsc#SLE-24124).
o net: ena: avoid unnecessary rearming of interrupt vector when busy-polling
(bsc#1197099 jsc#SLE-24124).
o net: ena: Capitalize all log strings and improve code readability (bsc#
1197099 jsc#SLE-24124).
o net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#
SLE-24124).
o net: ena: Change ENI stats support check to use capabilities field (bsc#
1197099 jsc#SLE-24124).
o net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#
SLE-24124).
o net: ena: Change log message to netif/dev function (bsc#1197099 jsc#
SLE-24124).
o net: ena: change num_queues to num_io_queues for clarity and consistency
(bsc#1197099 jsc#SLE-24124).
o net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#
1197099 jsc#SLE-24124).
o net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#
SLE-24124).
o net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124).
o net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124).
o net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124).
o net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099
jsc#SLE-24124).
o net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124).
o net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#
1197099 jsc#SLE-24124).
o net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124).
o net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124).
o net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#
1197099 jsc#SLE-24124).
o net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124).
o net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124).
o net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros
(bsc#1197099 jsc#SLE-24124).
o net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#
1197099 jsc#SLE-24124).
o net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc
#SLE-24124).
o net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124).
o net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124).
o net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#
SLE-24124).
o net: ena: enable support of rss hash key and function changes (bsc#1197099
jsc#SLE-24124).
o net: ena: enable the interrupt_moderation in driver_supported_features (bsc
#1197099 jsc#SLE-24124).
o net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124).
o net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#
SLE-24124).
o net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099
jsc#SLE-24124).
o net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#
SLE-24124).
o net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#
SLE-24124).
o net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#
SLE-24124).
o net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#
SLE-24124).
o net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124).
o net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124).
o net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
o net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124).
o net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#
SLE-24124).
o net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#
SLE-24124).
o net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#
SLE-24124).
o net: ena: Fix error handling when calculating max IO queues number (bsc#
1197099 jsc#SLE-24124).
o net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099
jsc#SLE-24124).
o net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
o net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124).
o net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099
jsc#SLE-24124).
o net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#
SLE-24124).
o net: ena: fix incorrectly saving queue numbers when setting RSS indirection
table (bsc#1197099 jsc#SLE-24124).
o net: ena: fix issues in setting interrupt moderation params in ethtool (bsc
#1197099 jsc#SLE-24124).
o net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#
SLE-24124).
o net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#
SLE-24124).
o net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#
SLE-24124).
o net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#
1197099 jsc#SLE-24124).
o net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#
SLE-24124).
o net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124).
o net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range
(bsc#1197099 jsc#SLE-24124).
o net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#
SLE-24124).
o net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124).
o net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124).
o net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#
SLE-24124).
o net: ena: make ethtool -l show correct max number of queues (bsc#1197099
jsc#SLE-24124).
o net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124).
o net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#
SLE-24124).
o net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#
1197099 jsc#SLE-24124).
o net: ena: Move reset completion print to the reset function (bsc#1197099
jsc#SLE-24124).
o net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#
SLE-24124).
o net: ena: Prevent reset after device destruction (bsc#1197099 jsc#
SLE-24124).
o net: ena: re-organize code to improve readability (bsc#1197099 jsc#
SLE-24124).
o net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
o net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124).
o net: ena: remove all old adaptive rx interrupt moderation code from ena_com
(bsc#1197099 jsc#SLE-24124).
o net: ena: remove code duplication in
ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#
SLE-24124).
o net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124).
o net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#
SLE-24124).
o net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#
1197099 jsc#SLE-24124).
o net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124).
o net: ena: Remove module param and change message severity (bsc#1197099 jsc#
SLE-24124).
o net: ena: remove old adaptive interrupt moderation code from ena_netdev
(bsc#1197099 jsc#SLE-24124).
o net: ena: remove redundant print of number of queues (bsc#1197099 jsc#
SLE-24124).
o net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#
SLE-24124).
o net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124).
o net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#
SLE-24124).
o net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
o net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099
jsc#SLE-24124).
o net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#
SLE-24124).
o net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#
SLE-24124).
o net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#
SLE-24124).
o net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124).
o net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc
#SLE-24124).
o net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#
SLE-24124).
o net: ena: store values in their appropriate variables types (bsc#1197099
jsc#SLE-24124).
o net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124).
o net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc
#1197099 jsc#SLE-24124).
o net: ena: use constant value for net_device allocation (bsc#1197099 jsc#
SLE-24124).
o net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#
SLE-24124).
o net: ena: use explicit variable size for clarity (bsc#1197099 jsc#
SLE-24124).
o net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099
jsc#SLE-24124).
o net: mana: Add counter for packet dropped by XDP (bsc#1195651).
o net: mana: Add counter for XDP_TX (bsc#1195651).
o net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
o net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
o net: mana: Reuse XDP dropped page (bsc#1195651).
o net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#
1195651).
o net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124).
o PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#
1199314).
o powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc
#1182171 ltc#190900 bsc#1198660 ltc#197803).
o powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
bsc#1198660 ltc#197803).
o scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#
1198825).
o x86/pm: Save the MSR validity status at context setup (bsc#1114648).
o x86/speculation: Restore speculation related MSRs during S3 resume (bsc#
1114648).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2083=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2083=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2083=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2083=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2083=1
o SUSE Linux Enterprise High Availability 12-SP4:
zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2083=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (noarch):
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-base-debuginfo-4.12.14-95.99.3
kernel-default-debuginfo-4.12.14-95.99.3
kernel-default-debugsource-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-default-devel-debuginfo-4.12.14-95.99.3
kernel-syms-4.12.14-95.99.2
o SUSE OpenStack Cloud 9 (noarch):
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
o SUSE OpenStack Cloud 9 (x86_64):
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-base-debuginfo-4.12.14-95.99.3
kernel-default-debuginfo-4.12.14-95.99.3
kernel-default-debugsource-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-default-devel-debuginfo-4.12.14-95.99.3
kernel-syms-4.12.14-95.99.2
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-base-debuginfo-4.12.14-95.99.3
kernel-default-debuginfo-4.12.14-95.99.3
kernel-default-debugsource-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-syms-4.12.14-95.99.2
o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.99.3
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-base-debuginfo-4.12.14-95.99.3
kernel-default-debuginfo-4.12.14-95.99.3
kernel-default-debugsource-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-syms-4.12.14-95.99.2
o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.99.3
o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
kernel-default-man-4.12.14-95.99.3
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kernel-default-kgraft-4.12.14-95.99.3
kernel-default-kgraft-devel-4.12.14-95.99.3
kgraft-patch-4_12_14-95_99-default-1-6.3.3
o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.99.3
cluster-md-kmp-default-debuginfo-4.12.14-95.99.3
dlm-kmp-default-4.12.14-95.99.3
dlm-kmp-default-debuginfo-4.12.14-95.99.3
gfs2-kmp-default-4.12.14-95.99.3
gfs2-kmp-default-debuginfo-4.12.14-95.99.3
kernel-default-debuginfo-4.12.14-95.99.3
kernel-default-debugsource-4.12.14-95.99.3
ocfs2-kmp-default-4.12.14-95.99.3
ocfs2-kmp-default-debuginfo-4.12.14-95.99.3
References:
o https://www.suse.com/security/cve/CVE-2019-20811.html
o https://www.suse.com/security/cve/CVE-2021-20292.html
o https://www.suse.com/security/cve/CVE-2021-20321.html
o https://www.suse.com/security/cve/CVE-2021-33061.html
o https://www.suse.com/security/cve/CVE-2021-38208.html
o https://www.suse.com/security/cve/CVE-2021-39711.html
o https://www.suse.com/security/cve/CVE-2021-43389.html
o https://www.suse.com/security/cve/CVE-2022-1011.html
o https://www.suse.com/security/cve/CVE-2022-1353.html
o https://www.suse.com/security/cve/CVE-2022-1419.html
o https://www.suse.com/security/cve/CVE-2022-1516.html
o https://www.suse.com/security/cve/CVE-2022-1652.html
o https://www.suse.com/security/cve/CVE-2022-1734.html
o https://www.suse.com/security/cve/CVE-2022-21123.html
o https://www.suse.com/security/cve/CVE-2022-21125.html
o https://www.suse.com/security/cve/CVE-2022-21127.html
o https://www.suse.com/security/cve/CVE-2022-21166.html
o https://www.suse.com/security/cve/CVE-2022-21180.html
o https://www.suse.com/security/cve/CVE-2022-30594.html
o https://bugzilla.suse.com/1028340
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1071995
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1172456
o https://bugzilla.suse.com/1182171
o https://bugzilla.suse.com/1183723
o https://bugzilla.suse.com/1187055
o https://bugzilla.suse.com/1191647
o https://bugzilla.suse.com/1191958
o https://bugzilla.suse.com/1195651
o https://bugzilla.suse.com/1196426
o https://bugzilla.suse.com/1197099
o https://bugzilla.suse.com/1197219
o https://bugzilla.suse.com/1197343
o https://bugzilla.suse.com/1198400
o https://bugzilla.suse.com/1198516
o https://bugzilla.suse.com/1198660
o https://bugzilla.suse.com/1198687
o https://bugzilla.suse.com/1198742
o https://bugzilla.suse.com/1198825
o https://bugzilla.suse.com/1199012
o https://bugzilla.suse.com/1199063
o https://bugzilla.suse.com/1199314
o https://bugzilla.suse.com/1199399
o https://bugzilla.suse.com/1199426
o https://bugzilla.suse.com/1199505
o https://bugzilla.suse.com/1199605
o https://bugzilla.suse.com/1199650
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYqrJwMkNZI30y1K9AQhahA/8CvuswqlUQXVkENfGOkjgBpkeLaN9PqSX
qgXOqvEowMiZxlSuurlZhs/PczTpG7h0zBnxdF3iMGtanYc/c/vtZ6BCDmqL2gQA
HZUQahDJRYxVFQA17IBmpYvdT5ESNEEO204RZuEbpCMZ5lzNsfb84QB0cWIEGo1+
WRw+Rtb1ttZ33q2Jw1AnL10h40q5Q7tt5+SywxpVUekua7+1++i6xwxZ8OLU1Toh
tm7gA7zqnndhxnvnvaMoU295TSQDcE5sBz/rIYr2gTUZ84/lHHVIILkKH7b1cw/t
Oa3lZATH/e2P4++SjE9Ot4H1z2HpMex+XV4hqFcHpySaki488UxN5itT5Thh+0MJ
uNeRBPqD2tiXnJRtaz3CACfXzzu1Xx/KycePkvWqj0/HWn3x2/cjHNquzmbQAxGz
Kwer6qWdlV7lV39w/B/h/h+p4fQVq+slHmb2iGsmKUiRcSyagf9z3NnHijaRc2yk
zYi3xSqdPCTkfi7d/uraWW3cP9Y4LKBV6XWjkD1hlTDMfs0Lg/HMnfbFeDPBT40b
zqf0QXWmqzAemhXedNfOaFWX6NQnfEU9/7Gf5DkuX2184MIvgaPeZayD+qn1GDoG
oqAkRBiUa77BkpNl/8LGPvxEKRQfnz+p/5EJhN+YaaXYM7T97wQ2dr6rH8qS/JAE
qHPWcfDlgjM=
=xJG6
-----END PGP SIGNATURE-----