-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3008
                   Security update for the Linux Kernel
                               20 June 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-30594 CVE-2022-28748 CVE-2022-22942
                   CVE-2022-21499 CVE-2022-21180 CVE-2022-21166
                   CVE-2022-21127 CVE-2022-21125 CVE-2022-21123
                   CVE-2022-1975 CVE-2022-1974 CVE-2022-1734
                   CVE-2022-1729 CVE-2022-1652 CVE-2022-1516
                   CVE-2022-1419 CVE-2022-1353 CVE-2022-1184
                   CVE-2022-1011 CVE-2021-43389 CVE-2021-39711
                   CVE-2021-38208 CVE-2021-33061 CVE-2021-20321
                   CVE-2021-20292 CVE-2020-26541 CVE-2019-20811
                   CVE-2019-19377 CVE-2018-7755 CVE-2017-13695

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2022/suse-su-20222111-1

Comment: CVSS (Max):  8.4 CVE-2022-30594 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:2111-1
Rating:            important
References:        #1028340 #1055710 #1065729 #1071995 #1084513 #1087082
                   #1114648 #1158266 #1172456 #1177282 #1182171 #1183723
                   #1187055 #1191647 #1191958 #1195065 #1195651 #1196018
                   #1196367 #1196426 #1196999 #1197219 #1197343 #1197663
                   #1198400 #1198516 #1198577 #1198660 #1198687 #1198742
                   #1198777 #1198825 #1199012 #1199063 #1199314 #1199399
                   #1199426 #1199505 #1199507 #1199605 #1199650 #1200143
                   #1200144 #1200249
Cross-References:  CVE-2017-13695 CVE-2018-7755 CVE-2019-19377 CVE-2019-20811
                   CVE-2020-26541 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061
                   CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011
                   CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516
                   CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974
                   CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127
                   CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-22942
                   CVE-2022-28748 CVE-2022-30594
Affected Products:
                   SUSE CaaS Platform 4.0
                   SUSE Enterprise Storage 6
                   SUSE Linux Enterprise High Availability 15-SP1
                   SUSE Linux Enterprise High Performance Computing 15-SP1
                   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Server 15-SP1
                   SUSE Linux Enterprise Server 15-SP1-BCL
                   SUSE Linux Enterprise Server 15-SP1-LTSS
                   SUSE Linux Enterprise Server for SAP 15-SP1
                   SUSE Linux Enterprise Server for SAP Applications 15-SP1
                   SUSE Manager Proxy 4.0
                   SUSE Manager Retail Branch Server 4.0
                   SUSE Manager Server 4.0
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 30 vulnerabilities and has 14 fixes is now available.

Description:


The SUSE Linux Enterprise 15 SP1 kernel was updated.
The following security bugs were fixed:

  o CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via spectre like attacks.
    (bsc#1199650)
  o CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via spectre like attacks.
    (bsc#1199650)
  o CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via spectre like attacks.
    (bsc#1199650)
  o CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via spectre like attacks.
    (bsc#1199650)
  o CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via spectre like attacks.
    (bsc#1199650)
  o CVE-2019-19377: Fixed an user-after-free that could be triggered when an
    attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
  o CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
    mounting and operating on a corrupted image. (bsc#1198577)
  o CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users
    to obtain sensitive information from kernel memory and bypass the KASLR
    protection mechanism via a crafted ACPI table. (bnc#1055710)
  o CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
    (bsc#1199507).
  o CVE-2022-1652: Fixed a statically allocated error counter inside the floppy
    kernel module (bsc#1199063).
  o CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible
    out of bounds read due to Incorrect Size Value. This could lead to local
    information disclosure with System execution privileges needed. User
    interaction is not needed for exploitation (bnc#1197219).
  o CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP
    flag (bnc#1199505).
  o CVE-2021-33061: Fixed insufficient control flow management for the Intel(R)
    82599 Ethernet Controllers and Adapters that may have allowed an
    authenticated user to potentially enable denial of service via local access
    (bnc#1196426).
  o CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
  o CVE-2021-20321: Fixed a race condition accessing file object in the
    OverlayFS subsystem in the way users do rename in specific way with
    OverlayFS. A local user could have used this flaw to crash the system (bnc#
    1191647).
  o CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
    netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count
    is mishandled (bnc#1172456).
  o CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices
    (bsc#1196018).
  o CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/
    block/floppy.c. The floppy driver will copy a kernel pointer to user memory
    in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl
    and use the obtained kernel pointer to discover the location of kernel code
    and data and bypass kernel security protections such as KASLR (bnc#
    1084513).
  o CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#
    1195065).
  o CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create
    (bsc#1198742).
  o CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
    detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
  o CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
    BUG) by making a getsockname call after a certain type of failure of a bind
    call (bnc#1187055).
  o CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register
    function in net/key/af_key.c (bnc#1198516).
  o CVE-2021-20292: Fixed object validation prior to performing operations on
    the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#
    1183723).
  o CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a
    local attacker to retireve (partial) /etc/shadow hashes or any other data
    from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
  o CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
    simulating an nfc device from user-space. (bsc#1200144).
  o CVE-2020-26541: Enforce the secure boot forbidden signature database (aka
    dbx) protection mechanism. (bnc#1177282)
  o CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux
    kernel by simulating nfc device from user-space. (bsc#1200143)
  o CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been
    trivial to break out of it with kgdb or kdb. (bsc#1199426)
  o CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
    cleanup routine and firmware download routine. (bnc#1199605).


The following non-security bugs were fixed:

  o btrfs: relocation: Only remove reloc rb_trees if reloc control has been
    initialized (bsc#1199399).
  o btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
  o net: ena: A typo fix in the file ena_com.h (bsc#1198777).
  o net: ena: Add capabilities field with support for ENI stats capability (bsc
    #1198777).
  o net: ena: Add debug prints for invalid req_id resets (bsc#1198777).
  o net: ena: add device distinct log prefix to files (bsc#1198777).
  o net: ena: add jiffies of last napi call to stats (bsc#1198777).
  o net: ena: aggregate doorbell common operations into a function (bsc#
    1198777).
  o net: ena: aggregate stats increase into a function (bsc#1198777).
  o net: ena: Change ENI stats support check to use capabilities field (bsc#
    1198777).
  o net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#
    1198777).
  o net: ena: Change the name of bad_csum variable (bsc#1198777).
  o net: ena: Extract recurring driver reset code into a function (bsc#
    1198777).
  o net: ena: fix coding style nits (bsc#1198777).
  o net: ena: fix DMA mapping function issues in XDP (bsc#1198777).
  o net: ena: Fix error handling when calculating max IO queues number (bsc#
    1198777).
  o net: ena: fix inaccurate print type (bsc#1198777).
  o net: ena: Fix undefined state when tx request id is out of bounds (bsc#
    1198777).
  o net: ena: Fix wrong rx request id by resetting device (bsc#1198777).
  o net: ena: Improve error logging in driver (bsc#1198777).
  o net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777).
  o net: ena: introduce XDP redirect implementation (bsc#1198777).
  o net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777).
  o net: ena: Move reset completion print to the reset function (bsc#1198777).
  o net: ena: optimize data access in fast-path code (bsc#1198777).
  o net: ena: re-organize code to improve readability (bsc#1198777).
  o net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777).
  o net: ena: remove extra words from comments (bsc#1198777).
  o net: ena: Remove module param and change message severity (bsc#1198777).
  o net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#
    1198777).
  o net: ena: Remove redundant return code check (bsc#1198777).
  o net: ena: Remove unused code (bsc#1198777).
  o net: ena: store values in their appropriate variables types (bsc#1198777).
  o net: ena: Update XDP verdict upon failure (bsc#1198777).
  o net: ena: use build_skb() in RX path (bsc#1198777).
  o net: ena: use constant value for net_device allocation (bsc#1198777).
  o net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777).
  o net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777).
  o net: ena: use xdp_frame in XDP TX flow (bsc#1198777).
  o net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777).
  o net: mana: Add counter for packet dropped by XDP (bsc#1195651).
  o net: mana: Add counter for XDP_TX (bsc#1195651).
  o net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
  o net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
    (bsc#1195651).
  o net: mana: Reuse XDP dropped page (bsc#1195651).
  o net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#
    1195651).
  o PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#
    1199314).
  o powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S
    git-fixes).
  o powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#
    1196999 ltc#196609).
  o powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc
    #1182171 ltc#190900 bsc#1198660 ltc#197803).
  o powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
    bsc#1198660 ltc#197803).
  o scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#
    1198825).
  o SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
  o x86/pm: Save the MSR validity status at context setup (bsc#1114648).
  o x86/speculation: Restore speculation related MSRs during S3 resume (bsc#
    1114648).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2111=1
  o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2111=1
  o SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2111=1
  o SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2111=1
  o SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2111=1
  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2111=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2111=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2111=1
  o SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2111=1
  o SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-2111=1
  o SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. I will
    inform you if it detects new updates and let you then trigger updating of
    the complete cluster in a controlled way.

Package List:

  o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-4.12.14-150100.197.114.2
       kernel-vanilla-base-4.12.14-150100.197.114.2
       kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-debugsource-4.12.14-150100.197.114.2
       kernel-vanilla-devel-4.12.14-150100.197.114.2
       kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2
  o openSUSE Leap 15.4 (ppc64le x86_64):
       kernel-debug-base-4.12.14-150100.197.114.2
       kernel-debug-base-debuginfo-4.12.14-150100.197.114.2
  o openSUSE Leap 15.4 (x86_64):
       kernel-kvmsmall-base-4.12.14-150100.197.114.2
       kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2
  o openSUSE Leap 15.4 (s390x):
       kernel-default-man-4.12.14-150100.197.114.2
       kernel-zfcpdump-man-4.12.14-150100.197.114.2
  o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-4.12.14-150100.197.114.2
       kernel-vanilla-base-4.12.14-150100.197.114.2
       kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-debugsource-4.12.14-150100.197.114.2
       kernel-vanilla-devel-4.12.14-150100.197.114.2
       kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2
  o openSUSE Leap 15.3 (ppc64le x86_64):
       kernel-debug-base-4.12.14-150100.197.114.2
       kernel-debug-base-debuginfo-4.12.14-150100.197.114.2
  o openSUSE Leap 15.3 (x86_64):
       kernel-kvmsmall-base-4.12.14-150100.197.114.2
       kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2
  o openSUSE Leap 15.3 (s390x):
       kernel-default-man-4.12.14-150100.197.114.2
       kernel-zfcpdump-man-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
       kernel-default-4.12.14-150100.197.114.2
       kernel-default-base-4.12.14-150100.197.114.2
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-devel-4.12.14-150100.197.114.2
       kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-obs-build-4.12.14-150100.197.114.2
       kernel-obs-build-debugsource-4.12.14-150100.197.114.2
       kernel-syms-4.12.14-150100.197.114.2
       reiserfs-kmp-default-4.12.14-150100.197.114.2
       reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
       kernel-devel-4.12.14-150100.197.114.2
       kernel-docs-4.12.14-150100.197.114.2
       kernel-macros-4.12.14-150100.197.114.2
       kernel-source-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
       kernel-default-4.12.14-150100.197.114.2
       kernel-default-base-4.12.14-150100.197.114.2
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-devel-4.12.14-150100.197.114.2
       kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-obs-build-4.12.14-150100.197.114.2
       kernel-obs-build-debugsource-4.12.14-150100.197.114.2
       kernel-syms-4.12.14-150100.197.114.2
       reiserfs-kmp-default-4.12.14-150100.197.114.2
       reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
       kernel-devel-4.12.14-150100.197.114.2
       kernel-docs-4.12.14-150100.197.114.2
       kernel-macros-4.12.14-150100.197.114.2
       kernel-source-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
       kernel-default-man-4.12.14-150100.197.114.2
       kernel-zfcpdump-debuginfo-4.12.14-150100.197.114.2
       kernel-zfcpdump-debugsource-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
       kernel-default-4.12.14-150100.197.114.2
       kernel-default-base-4.12.14-150100.197.114.2
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-devel-4.12.14-150100.197.114.2
       kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-obs-build-4.12.14-150100.197.114.2
       kernel-obs-build-debugsource-4.12.14-150100.197.114.2
       kernel-syms-4.12.14-150100.197.114.2
       reiserfs-kmp-default-4.12.14-150100.197.114.2
       reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
       kernel-devel-4.12.14-150100.197.114.2
       kernel-docs-4.12.14-150100.197.114.2
       kernel-macros-4.12.14-150100.197.114.2
       kernel-source-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-livepatch-4.12.14-150100.197.114.2
       kernel-default-livepatch-devel-4.12.14-150100.197.114.2
       kernel-livepatch-4_12_14-150100_197_114-default-1-150100.3.3.2
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
    x86_64):
       kernel-default-4.12.14-150100.197.114.2
       kernel-default-base-4.12.14-150100.197.114.2
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-devel-4.12.14-150100.197.114.2
       kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-obs-build-4.12.14-150100.197.114.2
       kernel-obs-build-debugsource-4.12.14-150100.197.114.2
       kernel-syms-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
       kernel-devel-4.12.14-150100.197.114.2
       kernel-docs-4.12.14-150100.197.114.2
       kernel-macros-4.12.14-150100.197.114.2
       kernel-source-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
    x86_64):
       kernel-default-4.12.14-150100.197.114.2
       kernel-default-base-4.12.14-150100.197.114.2
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-devel-4.12.14-150100.197.114.2
       kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-obs-build-4.12.14-150100.197.114.2
       kernel-obs-build-debugsource-4.12.14-150100.197.114.2
       kernel-syms-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
       kernel-devel-4.12.14-150100.197.114.2
       kernel-docs-4.12.14-150100.197.114.2
       kernel-macros-4.12.14-150100.197.114.2
       kernel-source-4.12.14-150100.197.114.2
  o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x
    x86_64):
       cluster-md-kmp-default-4.12.14-150100.197.114.2
       cluster-md-kmp-default-debuginfo-4.12.14-150100.197.114.2
       dlm-kmp-default-4.12.14-150100.197.114.2
       dlm-kmp-default-debuginfo-4.12.14-150100.197.114.2
       gfs2-kmp-default-4.12.14-150100.197.114.2
       gfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       ocfs2-kmp-default-4.12.14-150100.197.114.2
       ocfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2
  o SUSE Enterprise Storage 6 (aarch64 x86_64):
       kernel-default-4.12.14-150100.197.114.2
       kernel-default-base-4.12.14-150100.197.114.2
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-devel-4.12.14-150100.197.114.2
       kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-obs-build-4.12.14-150100.197.114.2
       kernel-obs-build-debugsource-4.12.14-150100.197.114.2
       kernel-syms-4.12.14-150100.197.114.2
       reiserfs-kmp-default-4.12.14-150100.197.114.2
       reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
  o SUSE Enterprise Storage 6 (noarch):
       kernel-devel-4.12.14-150100.197.114.2
       kernel-docs-4.12.14-150100.197.114.2
       kernel-macros-4.12.14-150100.197.114.2
       kernel-source-4.12.14-150100.197.114.2
  o SUSE CaaS Platform 4.0 (x86_64):
       kernel-default-4.12.14-150100.197.114.2
       kernel-default-base-4.12.14-150100.197.114.2
       kernel-default-base-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debuginfo-4.12.14-150100.197.114.2
       kernel-default-debugsource-4.12.14-150100.197.114.2
       kernel-default-devel-4.12.14-150100.197.114.2
       kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
       kernel-obs-build-4.12.14-150100.197.114.2
       kernel-obs-build-debugsource-4.12.14-150100.197.114.2
       kernel-syms-4.12.14-150100.197.114.2
       reiserfs-kmp-default-4.12.14-150100.197.114.2
       reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
  o SUSE CaaS Platform 4.0 (noarch):
       kernel-devel-4.12.14-150100.197.114.2
       kernel-docs-4.12.14-150100.197.114.2
       kernel-macros-4.12.14-150100.197.114.2
       kernel-source-4.12.14-150100.197.114.2


References:

  o https://www.suse.com/security/cve/CVE-2017-13695.html
  o https://www.suse.com/security/cve/CVE-2018-7755.html
  o https://www.suse.com/security/cve/CVE-2019-19377.html
  o https://www.suse.com/security/cve/CVE-2019-20811.html
  o https://www.suse.com/security/cve/CVE-2020-26541.html
  o https://www.suse.com/security/cve/CVE-2021-20292.html
  o https://www.suse.com/security/cve/CVE-2021-20321.html
  o https://www.suse.com/security/cve/CVE-2021-33061.html
  o https://www.suse.com/security/cve/CVE-2021-38208.html
  o https://www.suse.com/security/cve/CVE-2021-39711.html
  o https://www.suse.com/security/cve/CVE-2021-43389.html
  o https://www.suse.com/security/cve/CVE-2022-1011.html
  o https://www.suse.com/security/cve/CVE-2022-1184.html
  o https://www.suse.com/security/cve/CVE-2022-1353.html
  o https://www.suse.com/security/cve/CVE-2022-1419.html
  o https://www.suse.com/security/cve/CVE-2022-1516.html
  o https://www.suse.com/security/cve/CVE-2022-1652.html
  o https://www.suse.com/security/cve/CVE-2022-1729.html
  o https://www.suse.com/security/cve/CVE-2022-1734.html
  o https://www.suse.com/security/cve/CVE-2022-1974.html
  o https://www.suse.com/security/cve/CVE-2022-1975.html
  o https://www.suse.com/security/cve/CVE-2022-21123.html
  o https://www.suse.com/security/cve/CVE-2022-21125.html
  o https://www.suse.com/security/cve/CVE-2022-21127.html
  o https://www.suse.com/security/cve/CVE-2022-21166.html
  o https://www.suse.com/security/cve/CVE-2022-21180.html
  o https://www.suse.com/security/cve/CVE-2022-21499.html
  o https://www.suse.com/security/cve/CVE-2022-22942.html
  o https://www.suse.com/security/cve/CVE-2022-28748.html
  o https://www.suse.com/security/cve/CVE-2022-30594.html
  o https://bugzilla.suse.com/1028340
  o https://bugzilla.suse.com/1055710
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1071995
  o https://bugzilla.suse.com/1084513
  o https://bugzilla.suse.com/1087082
  o https://bugzilla.suse.com/1114648
  o https://bugzilla.suse.com/1158266
  o https://bugzilla.suse.com/1172456
  o https://bugzilla.suse.com/1177282
  o https://bugzilla.suse.com/1182171
  o https://bugzilla.suse.com/1183723
  o https://bugzilla.suse.com/1187055
  o https://bugzilla.suse.com/1191647
  o https://bugzilla.suse.com/1191958
  o https://bugzilla.suse.com/1195065
  o https://bugzilla.suse.com/1195651
  o https://bugzilla.suse.com/1196018
  o https://bugzilla.suse.com/1196367
  o https://bugzilla.suse.com/1196426
  o https://bugzilla.suse.com/1196999
  o https://bugzilla.suse.com/1197219
  o https://bugzilla.suse.com/1197343
  o https://bugzilla.suse.com/1197663
  o https://bugzilla.suse.com/1198400
  o https://bugzilla.suse.com/1198516
  o https://bugzilla.suse.com/1198577
  o https://bugzilla.suse.com/1198660
  o https://bugzilla.suse.com/1198687
  o https://bugzilla.suse.com/1198742
  o https://bugzilla.suse.com/1198777
  o https://bugzilla.suse.com/1198825
  o https://bugzilla.suse.com/1199012
  o https://bugzilla.suse.com/1199063
  o https://bugzilla.suse.com/1199314
  o https://bugzilla.suse.com/1199399
  o https://bugzilla.suse.com/1199426
  o https://bugzilla.suse.com/1199505
  o https://bugzilla.suse.com/1199507
  o https://bugzilla.suse.com/1199605
  o https://bugzilla.suse.com/1199650
  o https://bugzilla.suse.com/1200143
  o https://bugzilla.suse.com/1200144
  o https://bugzilla.suse.com/1200249

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYq/cBMkNZI30y1K9AQiBVA//XwhGe9QFBJxfNSDk6uUs635HluAUaalr
RqRwJ93GqkB9VXx8RQ5AdPEKCYieXAGi3JPpxYFboz3adEKYIEP3APp5TtiJZDJt
4/kyWxBrN4y+js4Zjo0UTxtFj4hdC3GQtZR/lkpSG4Sb40Rk3Qs2Sb2NGZyKf6fz
x9rrYtkzUjKmi28tBO1IuAhIsr4EI7zRbIw+NbvV8Y9ChX7UaXlj+jrJx0kCsmUZ
DmfkghZ0gh+Qa57sieHIL5GVELsXTGLUdZR9rwmSdletaR1o+aLWHi5vZn+6TKcR
fDXKyGsu0pwYFTkkkNdJGfGkO9XN+fnldSXxpsEOhyfAOb9twPnFCcPkY+NZ6wxO
TLbloSDEpIGzJZROsz3Fx/j0zkY0QIOp7DUCHpOMRSPH8vqtw8bM27hG5p0/TiQG
Hr/XBUdBiXEZyk/ZHLQLG4bVNH20GdlHpZfTrfQOUbAhXbf3f4igIgvcHVQcP5K9
9eSYqxrnOd7J2UvqZvCio9UIV48PsUmWTJ1Go8DR9JbdWiPUtiwahYIJAN0Gw9GU
3H0dcmohlS6JQdBbZIUwndn6z8PwdmagUZgGQXQVrEITDSBJntDjqQGRCT4lf+5P
7836TLJaPT/2bHWQpqQA6ZgGIDTu4ftFC2rE/BCVO46fn5tlNuAxgevg7qZdWSma
s4B9DDlA1aA=
=yFNe
-----END PGP SIGNATURE-----