Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.1406
Security update for the Linux Kernel
8 March 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-0590 CVE-2023-0266 CVE-2023-0045
CVE-2022-47929 CVE-2022-36280 CVE-2022-4662
CVE-2022-2991 CVE-2021-4203 CVE-2017-5754
Original Bulletin:
https://www.suse.com/support/update/announcement/2023/suse-su-20230634-1
Comment: CVSS (Max): 8.2 CVE-2022-2991 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:0634-1
Rating: important
References: #1068032 #1175995 #1186449 #1194535 #1198971 #1201420 #1202195
#1202712 #1202713 #1203200 #1203332 #1203693 #1204356 #1204514
#1204662 #1205149 #1205397 #1205495 #1206602 #1206635 #1206640
#1206641 #1206642 #1206643 #1206645 #1206646 #1206648 #1206649
#1206664 #1206677 #1206698 #1206784 #1206855 #1206858 #1206873
#1206876 #1206877 #1206878 #1206880 #1206882 #1206883 #1206884
#1206885 #1206887 #1206888 #1206890 #1207092 #1207093 #1207094
#1207097 #1207102 #1207103 #1207104 #1207107 #1207108 #1207134
#1207186 #1207201 #1207237 #1207773 #1207795 #1207875 #1208108
#1208541 #1208570
Cross-References: CVE-2017-5754 CVE-2021-4203 CVE-2022-2991 CVE-2022-36280 CVE-2022-4662
CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0590
CVSS scores: o CVE-2017-5754 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/
S:C/C:H/I:N/A:N
o CVE-2017-5754 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/
S:C/C:H/I:N/A:N
o CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:L/A:L
o CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/
S:U/C:H/I:N/A:H
o CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
S:C/C:H/I:H/A:H
o CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
S:U/C:H/I:H/A:H
o CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:U/C:N/I:N/A:H
o CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
S:U/C:N/I:L/A:H
o CVE-2022-4662 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2022-4662 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R
/S:U/C:N/I:N/A:H
o CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/
S:U/C:H/I:N/A:N
o CVE-2023-0266 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-0266 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o SUSE Linux Enterprise High Availability Extension 12 SP5
o SUSE Linux Enterprise High Performance Computing 12 SP5
Affected o SUSE Linux Enterprise Live Patching 12-SP5
Products: o SUSE Linux Enterprise Server 12 SP5
o SUSE Linux Enterprise Server for SAP Applications 12 SP5
o SUSE Linux Enterprise Software Development Kit 12 SP5
o SUSE Linux Enterprise Workstation Extension 12 12-SP5
An update that solves nine vulnerabilities, contains two features and has 56
fixes can now be installed.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS
race with listen() (bsc#1194535).
o CVE-2017-5754: Fixed speculative side channel attacks on various CPU
platforms (bsc#1068032).
o CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in
vmwgfx driver (bsc#1203332).
o CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
o CVE-2022-4662: Fixed incorrect access control in the USB core subsystem
that could lead a local user to crash the system (bsc#1206664).
o CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
o CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation
(bsc#1201420).
o CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could
have been used in a use-after-free that could have resulted in a priviledge
escalation to gain ring0 access from the system user (bsc#1207134).
o CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control
subsystem (bsc#1207237).
The following non-security bugs were fixed:
o add 00f3ca2c2d66 ("mm: memcontrol: per-lruvec stats infrastructure")
o add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
o add 168e06f7937d kernel/hung_task.c: force console verbose before panic
o add 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and
interface")
o add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
o add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
o add Tegra repository to git_sort.
o add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
o add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system
stats
o add c892fd82cc06 mm: memcg: add __GFP_NOWARN in
__memcg_schedule_kmem_cache_create()
o add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking
pollers
o add support for enabling livepatching related packages on -RT (jsc#
PED-1706)
o add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
o amiflop: clean up on errors during setup (git-fixes).
o audit: ensure userspace is penalized the same as the kernel when under
pressure (bsc#1204514).
o audit: improve robustness of the audit queue handling (bsc#1204514).
o bcache: fix super block seq numbers comparision in register_cache_set()
(git-fixes).
o blk-cgroup: Fix memleak on error path (git-fixes).
o blk-cgroup: Pre-allocate tree node on blkg_conf_prep (git-fixes).
o blk-cgroup: fix missing put device in error path from blkg_conf_pref()
(git-fixes).
o blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
o blk-mq: insert request not through ->queue_rq into sw/scheduler queue
(git-fixes).
o blk-mq: move cancel of requeue_work into blk_mq_release (git-fixes).
o blktrace: Fix output non-blktrace event when blk_classic option enabled
(git-fixes).
o blktrace: break out of blktrace setup on concurrent calls (git-fixes).
o blktrace: ensure our debugfs dir exists (git-fixes).
o blktrace: fix endianness for blk_log_remap() (git-fixes).
o blktrace: fix endianness in get_pdu_int() (git-fixes).
o blktrace: use errno instead of bi_status (git-fixes).
o block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (bsc
#1175995,jsc#SLE-15608).
o block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
(git-fixes).
o block, bfq: increase idling for weight-raised queues (git-fixes).
o block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (bsc#1207102).
o block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
o block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed
(git-fixes).
o block/bio-integrity: fix a memory leak bug (git-fixes).
o block/swim: Check drive type (git-fixes).
o block/swim: Do not log an error message for an invalid ioctl (git-fixes).
o block/swim: Fix IO error at end of medium (git-fixes).
o block/swim: Rename macros to avoid inconsistent inverted logic (git-fixes).
o block/swim: Select appropriate drive on device open (git-fixes).
o block: Fix use-after-free issue accessing struct io_cq (git-fixes).
o block: add a lower-level bio_add_page interface (git-fixes).
o block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#
1208541).
o block: fix memleak when __blk_rq_map_user_iov() is failed (git-fixes).
o block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
o brd: check and limit max_part par (git-fixes).
o compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES (git-fixes).
o constraints: increase disk space for all architectures References: bsc#
1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it
is very close to the limit.
o cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM (git-fixes).
o cryptoloop: add a deprecation warning (git-fixes).
o d6810d730022 ("memcg, THP, swap: make mem_cgroup_swapout() support THP")
o dm bio record: save/restore bi_end_io and bi_integrity (git-fixes).
o dm btree: add a defensive bounds check to insert_at() (git-fixes).
o dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
(git-fixes).
o dm cache: Fix UAF in destroy() (git-fixes).
o dm cache: set needs_check flag after aborting metadata (git-fixes).
o dm crypt: use u64 instead of sector_t to store iv_offset (git-fixes).
o dm flakey: Properly corrupt multi-page bios (git-fixes).
o dm ioctl: fix misbehavior if list_versions races with module loading
(git-fixes).
o dm ioctl: prevent potential spectre v1 gadget (git-fixes).
o dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
o dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
o dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
o dm space maps: do not reset space map allocation cursor when committing
(git-fixes).
o dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
o dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
(git-fixes).
o dm thin: Fix UAF in run_timer_softirq() (git-fixes).
o dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
o dm thin: add sanity checks to thin-pool and external snapshot creation
(git-fixes).
o dm thin: resume even if in FAIL mode (git-fixes).
o dm verity: skip verity work if I/O error when system is shutting down
(git-fixes).
o dm verity: use message limit for data block corruption message (git-fixes).
o dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
(git-fixes).
o dm: Use kzalloc for all structs with embedded biosets/mempools (git-fixes).
o do not dump the threads that had been already exiting when zapped
(git-fixes).
o drbd: Change drbd_request_detach_interruptible's return type to int
(git-fixes).
o drbd: destroy workqueue when drbd device was freed (git-fixes).
o drbd: do not block when adjusting "disk-options" while IO is frozen
(git-fixes).
o drbd: dynamically allocate shash descriptor (git-fixes).
o drbd: fix potential silent data corruption (git-fixes).
o drbd: fix print_st_err()'s prototype to match the definition (git-fixes).
o drbd: ignore "all zero" peer volume sizes in handshake (git-fixes).
o drbd: reject attach of unsuitable uuids even if connected (git-fixes).
o drbd: remove usage of list iterator variable after loop (git-fixes).
o drbd: use after free in drbd_create_device() (git-fixes).
o drivers/block/zram/zram_drv.c: fix bug storing backing_dev (git-fixes).
o drivers:md:fix a potential use-after-free bug (git-fixes).
o ext4: Detect already used quota file early (bsc#1206873).
o ext4: Fixup pages without buffers (bsc#1205495).
o ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
o ext4: add reserved GDT blocks check (bsc#1202712).
o ext4: avoid crash when inline data creation follows DIO write (bsc#
1206883).
o ext4: avoid resizing to a partial cluster size (bsc#1206880).
o ext4: clear mmp sequence number when remounting read-only (bsc#1207093).
o ext4: continue to expand file system when the target size does not reach
(bsc#1206882).
o ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
o ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
o ext4: do not BUG if someone dirty pages without asking ext4 first (bsc#
1207097).
o ext4: fix a data race at inode->i_disksize (bsc#1206855).
o ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
o ext4: fix extent status tree race in writeback error recovery path (bsc#
1206877).
o ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
o ext4: fix race when reusing xattr blocks (bsc#1198971).
o ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#
1206890).
o ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
o ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
o ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
o ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
o ext4: prohibit fstrim in norecovery mode (bsc#1207094).
o ext4: recover csum seed of tmp_inode after migrating to extents (bsc#
1202713).
o ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
o ext4: update s_overhead_clusters in the superblock during an on-line resize
(bsc#1206876).
o ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
o floppy: Add max size check for user space request (git-fixes).
o ftrace: Enable trampoline when rec count returns back to one (git-fixes).
o ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()
(git-fixes).
o ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
o ftrace: fpid_next() should increase position index (git-fixes).
o git_sort: add usb-linus branch for gregkh/usb
o gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
o hid: betop: check shape of output reports (git-fixes, bsc#1207186).
o hid: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#
1207186).
o hid: check empty report_list in hid_validate_values() (git-fixes, bsc#
1206784).
o iforce: restore old iforce_dump_packet (git-fixes).
o input: convert autorepeat timer to use timer_setup() (git-fixes).
o input: do not use WARN() in input_alloc_absinfo() (git-fixes).
o input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
o input: iforce - reformat the packet dump output (git-fixes).
o input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes). Heavily modified, as prerequisites for taking it as is would
utterly ruin kABI
o input: replace hard coded string with func in pr_err() (git-fixes).
o input: switch to using sizeof(*type) when allocating memory (git-fixes).
o input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
o input: use seq_puts() in input_devices_seq_show() (git-fixes).
o ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
o ipmi: Move remove_work to dedicated workqueue (git-fixes).
o ipmi: fix memleak when unload ipmi driver (git-fixes).
o ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
o isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
o jbd2: use the correct print format (git-fixes).
o kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
o kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
o kernel/sys.c: avoid copying possible padding bytes in copy_to_user
(git-fixes).
o kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules
(git-fixes).
o kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad
stack (git-fixes).
o loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
o loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
o m68k/mac: Do not remap SWIM MMIO region (git-fixes).
o makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
o mbcache: add functions to delete entry if unused (bsc#1198971).
o mbcache: do not reclaim used entries (bsc#1198971).
o md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
o md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
o md: fix a crash in mempool_free (git-fixes).
o md: protect md_unregister_thread from reentrancy (git-fixes).
o memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure
(bsc#1208108).
o mm/filemap.c: clear page error before actual read (bsc#1206635).
o module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#
1204356, bsc#1204662).
o nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag (git-fixes).
o nbd: Fix NULL pointer in flush_workqueue (git-fixes).
o nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
o nbd: add a flush_workqueue in nbd_start_device (git-fixes).
o nbd: add missing config put (git-fixes).
o nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
o nbd: do not requeue the same request twice (git-fixes).
o nbd: fix a block_device refcount leak in nbd_release (git-fixes).
o nbd: fix crash when the blksize is zero (git-fixes).
o nbd: fix io hung while disconnecting device (git-fixes).
o nbd: fix max number of supported devs (git-fixes).
o nbd: fix possible sysfs duplicate warning (git-fixes).
o nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
o nbd: fix shutdown and recv work deadlock v2 (git-fixes).
o nbd: handle racing with error'ed out commands (git-fixes).
o nbd: handle unexpected replies better (git-fixes).
o nbd: make the config put is called before the notifying the waiter
(git-fixes).
o nbd: verify socket is supported during setup (git-fixes).
o nbd:fix memory leak in nbd_get_socket() (git-fixes).
o net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
o net/mlx5e: Set of completion request bit should not clear other adjacent
bits (git-fixes).
o net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path
(git-fixes).
o net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
o net: allwinner: Fix use correct return type for ndo_start_xmit()
(git-fixes).
o net: bcmgenet: suppress warnings on failed Rx SKB allocations (git-fixes).
o net: bmac: Fix read of MAC address from ROM (git-fixes).
o net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans (git-fixes).
o net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
o net: qed*: Reduce RX and TX default ring count when running inside kdump
kernel (git-fixes).
o net: stmmac: Fix sub-second increment (git-fixes).
o net: systemport: suppress warnings on failed Rx SKB allocations
(git-fixes).
o net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
o net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (git-fixes).
o net: usb: lan78xx: do not modify phy_device state concurrently (git-fixes).
o net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
o net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
o net: usb: sr9700: Handle negative len (git-fixes).
o null_blk: Handle null_add_dev() failures properly (git-fixes).
o null_blk: fix spurious IO errors after failed past-wp access (git-fixes).
o panic: unset panic_on_warn inside panic() (git-fixes).
o parisc: Fix HP SDC hpa address output (git-fixes).
o parisc: Fix serio address output (git-fixes).
o pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
o pci/aspm: Declare threshold_ns as u32, not u64 (git-fixes).
o pci/sysfs: Fix double free in error path (git-fixes).
o pci: Check for alloc failure in pci_request_irq() (git-fixes).
o pci: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
o pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
o pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
o prlimit: do_prlimit needs to have a speculation check (git-fixes).
o ps3disk: use the default segment boundary (git-fixes).
o ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
(git-fixes).
o quota: Check next/prev free block number after reading from quota file (bsc
#1206640).
o quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls (bsc#
1207104).
o revert "blkdev: check for valid request queue before issuing flush"
(git-fixes).
o revert "dm cache: fix arm link errors with inline" (git-fixes).
o revert "scsi: core: run queue if SCSI device queue isn't ready and queue is
idle" (git-fixes).
o rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc
pretends to support -mrecord-mcount option but actual gcc on ppc64le does
not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable
FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check
failure. As we already have FTRACE_MCOUNT_USE_CC and
FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a
general pattern. And add OBJTOOL as well.
o rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to
handle CONFIG_AS_HAS_NON_CONST_LEB128.
o rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree
KMPs This makes in-tree KMPs more consistent with externally built KMPs and
silences several rpmlint warnings.
o rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
o rsxx: add missed destroy_workqueue calls in remove (git-fixes).
o sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up()
(git-fixes).
o sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up()
(git-fixes).
o sbitmap: fix lockup while swapping (bsc#1206602).
o scripts/CKC: Do not use empty branches file Do not use it and do not write
neither.
o scripts/CKC: Make checker more specific
o scripts/CKC: Make checker script download branches.conf Requires curl,
downloads and caches the branches.conf file.
o scripts/CKC: do not output from shopt shopt outputs the status of the flag,
so that git grep looks like: git grep -qi 'nocasematch off ^References:.
bsc#1202195' remotes/origin/SLE15-SP2-RT -- 'patches. ' I do not know how
it can work (it does -- maybe thanks to ^), but it's not definitely OK. So
make shopt in term2regex() quiet.
o scripts/CKC: simplify print_branch AFAIU, it's simply: printf "%-23s"
o scripts/CKC: store local branches with $USER prefix So that on shared
machines, it can be overwritten when expires.
o scripts/CKC: test accepts only =, not == And put $1 into "" too.
o scripts/git_sort/git_sort.py: Add arm-soc for-next tree.
o scripts/wd-functions.sh: fix get_branch_name() in worktree Instead of using
a hard-coded path for the git directory, use git rev-parse with --git-dir
flag, introduced since 0.99.7, to find the git directory so branch name can
be correctly detected while in git worktrees.
o scsi: fcoe: Fix possible name leak when device_register() fails
(git-fixes).
o scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
(git-fixes).
o scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
o scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
o scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
o scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
o scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
o scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
(git-fixes).
o scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
o scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
o scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
o scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
o scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
o scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#
1208570).
o scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
o scsi: qla2xxx: Fix printk() format string (bsc#1208570).
o scsi: qla2xxx: Fix stalled login (bsc#1208570).
o scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#
1208570).
o scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
o scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
o scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
o scsi: qla2xxx: Remove dead code (bsc#1208570).
o scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
o scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
o scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
o scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called
(bsc#1208570).
o scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
o scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
o scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
o scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#
1208570).
o scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
o scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#
1208570).
o scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
o scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
o scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
o scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper()
(git-fixes).
o scsi: smartpqi: use processor ID for hwqueue for non-mq case .
o scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
o scsi: target: core: Add CONTROL field for trace events (git-fixes).
o sctp: fail if no bound addresses can be used for a given scope (bsc#
1206677).
o signal handling: do not use BUG_ON() for debugging (git-fixes).
o struct dwc3: move new members to the end (git-fixes).
o sunrpc: make lockless test safe (bsc#1207201).
o sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
(git-fixes).
o swim: fix cleanup on setup error (git-fixes).
o tracing/cfi: Fix cmp_entries_* functions signature mismatch (git-fixes).
o tracing: Adding NULL checks for trace_array descriptor pointer (git-fixes).
o tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
o tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
o tracing: Fix infinite loop in tracing_read_pipe on overflowed
print_trace_line (git-fixes).
o tracing: Fix sleeping function called from invalid context on RT kernel
(git-fixes).
o tracing: Fix stack trace event size (git-fixes).
o tracing: Fix tp_printk option related with tp_printk_stop_on_boot
(git-fixes).
o tracing: Make sure trace_printk() can output as soon as it can be used
(git-fixes).
o tracing: Set kernel_stack's caller size properly (git-fixes).
o tracing: Use address-of operator on section symbols (git-fixes).
o tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
(git-fixes).
o trigger_next should increase position index (git-fixes).
o udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
o udf: Check LVID earlier (bsc#1207108).
o udf: Fix BUG on corrupted inode (bsc#1207107).
o udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
o udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
o udf: Fix free space reporting for metadata and virtual partitions (bsc#
1206641).
o udf: Limit sparing table size (bsc#1206643).
o udf: fix silent AED tagLocation corruption (bsc#1206645).
o udf_get_extendedattr() had no boundary checks (bsc#1206648).
o usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
o usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys
(git-fixes).
o usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend
/resume (git-fixes).
o usb: dwc3: core: initialize ULPI before trying to get the PHY (git-fixes).
o usb: dwc3: fix PHY disable sequence (git-fixes).
o usb: dwc3: gadget: Fix event pending check (git-fixes).
o usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
o usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
o usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
o usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).
o usb: serial: console: move mutex_unlock() before usb_serial_put()
(git-fixes).
o virtio-blk: Fix memory leak among suspend/resume procedure (git-fixes).
o virtio_console: break out of buf poll on remove (git-fixes).
o virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
o x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk (git-fixes).
o x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
(git-fixes).
o x86/asm: Add instruction suffixes to bitops (git-fixes).
o x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates
(git-fixes).
o x86/bugs: Move the l1tf function and define pr_fmt properly (git-fixes).
o x86/earlyprintk: Add a force option for pciserial device (git-fixes).
o x86/entry/64: Add instruction suffix (git-fixes).
o x86/fpu: Add might_fault() to user_insn() (git-fixes).
o x86/hpet: Prevent potential NULL pointer dereference (git-fixes).
o x86/kexec: Do not setup EFI info if EFI runtime is not enabled (git-fixes).
o x86/mce-inject: Reset injection struct after injection (git-fixes).
o x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
o x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
o x86/mm: Do not leak kernel addresses (git-fixes).
o x86/speculation: Add support for STIBP always-on preferred mode
(git-fixes).
o x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
o x86: boot: Fix EFI stub alignment (git-fixes).
o x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#
1203200).
o xen-netfront: Fix hang on device removal (bsc#1206698).
o xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
o xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
o xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init()
(git-fixes).
o xfs: fix attr leaf header freemap.size underflow (git-fixes).
o xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
o xfs: fix mount failure crash on invalid iclog memory access (git-fixes).
o xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
(git-fixes).
o xfs: fix realtime bitmap/summary file truncation when growing rt volume
(git-fixes).
o xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
o xfs: initialize the shortform attr header padding entry (git-fixes).
o xfs: make sure the rt allocator does not run off the end (git-fixes).
o xfs: require both realtime inodes to mount (git-fixes).
o xhci: Do not show warning for reinit on known broken suspend (git-fixes).
o zram: fix double free backing device (git-fixes).
Special Instructions and Notes:
o Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1
SUSE-SLE-HA-12-SP5-2023-634=1
o SUSE Linux Enterprise High Availability Extension 12 SP5
zypper in -t patch SUSE-SLE-HA-12-SP5-2023-634=1
o SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-634=1
o SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-634=1
o SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1
o SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1
o SUSE Linux Enterprise Workstation Extension 12 12-SP5
zypper in -t patch SUSE-SLE-WE-12-SP5-2023-634=1
Package List:
o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
kernel-syms-4.12.14-122.150.1
kernel-default-debugsource-4.12.14-122.150.1
gfs2-kmp-default-debuginfo-4.12.14-122.150.1
kernel-default-base-debuginfo-4.12.14-122.150.1
dlm-kmp-default-4.12.14-122.150.1
ocfs2-kmp-default-debuginfo-4.12.14-122.150.1
kernel-default-base-4.12.14-122.150.1
gfs2-kmp-default-4.12.14-122.150.1
kernel-default-devel-4.12.14-122.150.1
dlm-kmp-default-debuginfo-4.12.14-122.150.1
kernel-default-debuginfo-4.12.14-122.150.1
ocfs2-kmp-default-4.12.14-122.150.1
cluster-md-kmp-default-4.12.14-122.150.1
cluster-md-kmp-default-debuginfo-4.12.14-122.150.1
o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le
x86_64)
kernel-default-4.12.14-122.150.1
o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
kernel-devel-4.12.14-122.150.1
kernel-macros-4.12.14-122.150.1
kernel-source-4.12.14-122.150.1
o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
kernel-default-devel-debuginfo-4.12.14-122.150.1
o SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x
x86_64)
kernel-default-debugsource-4.12.14-122.150.1
gfs2-kmp-default-debuginfo-4.12.14-122.150.1
dlm-kmp-default-4.12.14-122.150.1
ocfs2-kmp-default-debuginfo-4.12.14-122.150.1
gfs2-kmp-default-4.12.14-122.150.1
dlm-kmp-default-debuginfo-4.12.14-122.150.1
kernel-default-debuginfo-4.12.14-122.150.1
ocfs2-kmp-default-4.12.14-122.150.1
cluster-md-kmp-default-4.12.14-122.150.1
cluster-md-kmp-default-debuginfo-4.12.14-122.150.1
o SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
kernel-default-4.12.14-122.150.1
o SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
kernel-default-4.12.14-122.150.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
kernel-default-debugsource-4.12.14-122.150.1
kgraft-patch-4_12_14-122_150-default-1-8.3.1
kernel-default-debuginfo-4.12.14-122.150.1
kernel-default-kgraft-devel-4.12.14-122.150.1
kernel-default-kgraft-4.12.14-122.150.1
o SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
kernel-docs-4.12.14-122.150.1
o SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le
s390x x86_64)
kernel-obs-build-4.12.14-122.150.1
kernel-obs-build-debugsource-4.12.14-122.150.1
o SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc
x86_64)
kernel-default-4.12.14-122.150.1
o SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
kernel-syms-4.12.14-122.150.1
kernel-default-debugsource-4.12.14-122.150.1
kernel-default-base-debuginfo-4.12.14-122.150.1
kernel-default-base-4.12.14-122.150.1
kernel-default-devel-4.12.14-122.150.1
kernel-default-debuginfo-4.12.14-122.150.1
o SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
kernel-devel-4.12.14-122.150.1
kernel-macros-4.12.14-122.150.1
kernel-source-4.12.14-122.150.1
o SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
kernel-default-devel-debuginfo-4.12.14-122.150.1
o SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
kernel-default-4.12.14-122.150.1
o SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
kernel-syms-4.12.14-122.150.1
kernel-default-debugsource-4.12.14-122.150.1
kernel-default-base-debuginfo-4.12.14-122.150.1
kernel-default-base-4.12.14-122.150.1
kernel-default-devel-4.12.14-122.150.1
kernel-default-debuginfo-4.12.14-122.150.1
o SUSE Linux Enterprise Server 12 SP5 (noarch)
kernel-devel-4.12.14-122.150.1
kernel-macros-4.12.14-122.150.1
kernel-source-4.12.14-122.150.1
o SUSE Linux Enterprise Server 12 SP5 (s390x)
kernel-default-man-4.12.14-122.150.1
o SUSE Linux Enterprise Server 12 SP5 (x86_64)
kernel-default-devel-debuginfo-4.12.14-122.150.1
o SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
kernel-default-4.12.14-122.150.1
o SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
kernel-default-extra-debuginfo-4.12.14-122.150.1
kernel-default-debuginfo-4.12.14-122.150.1
kernel-default-debugsource-4.12.14-122.150.1
kernel-default-extra-4.12.14-122.150.1
References:
o https://www.suse.com/security/cve/CVE-2017-5754.html
o https://www.suse.com/security/cve/CVE-2021-4203.html
o https://www.suse.com/security/cve/CVE-2022-2991.html
o https://www.suse.com/security/cve/CVE-2022-36280.html
o https://www.suse.com/security/cve/CVE-2022-4662.html
o https://www.suse.com/security/cve/CVE-2022-47929.html
o https://www.suse.com/security/cve/CVE-2023-0045.html
o https://www.suse.com/security/cve/CVE-2023-0266.html
o https://www.suse.com/security/cve/CVE-2023-0590.html
o https://bugzilla.suse.com/show_bug.cgiid=1068032
o https://bugzilla.suse.com/show_bug.cgiid=1175995
o https://bugzilla.suse.com/show_bug.cgiid=1186449
o https://bugzilla.suse.com/show_bug.cgiid=1194535
o https://bugzilla.suse.com/show_bug.cgiid=1198971
o https://bugzilla.suse.com/show_bug.cgiid=1201420
o https://bugzilla.suse.com/show_bug.cgiid=1202195
o https://bugzilla.suse.com/show_bug.cgiid=1202712
o https://bugzilla.suse.com/show_bug.cgiid=1202713
o https://bugzilla.suse.com/show_bug.cgiid=1203200
o https://bugzilla.suse.com/show_bug.cgiid=1203332
o https://bugzilla.suse.com/show_bug.cgiid=1203693
o https://bugzilla.suse.com/show_bug.cgiid=1204356
o https://bugzilla.suse.com/show_bug.cgiid=1204514
o https://bugzilla.suse.com/show_bug.cgiid=1204662
o https://bugzilla.suse.com/show_bug.cgiid=1205149
o https://bugzilla.suse.com/show_bug.cgiid=1205397
o https://bugzilla.suse.com/show_bug.cgiid=1205495
o https://bugzilla.suse.com/show_bug.cgiid=1206602
o https://bugzilla.suse.com/show_bug.cgiid=1206635
o https://bugzilla.suse.com/show_bug.cgiid=1206640
o https://bugzilla.suse.com/show_bug.cgiid=1206641
o https://bugzilla.suse.com/show_bug.cgiid=1206642
o https://bugzilla.suse.com/show_bug.cgiid=1206643
o https://bugzilla.suse.com/show_bug.cgiid=1206645
o https://bugzilla.suse.com/show_bug.cgiid=1206646
o https://bugzilla.suse.com/show_bug.cgiid=1206648
o https://bugzilla.suse.com/show_bug.cgiid=1206649
o https://bugzilla.suse.com/show_bug.cgiid=1206664
o https://bugzilla.suse.com/show_bug.cgiid=1206677
o https://bugzilla.suse.com/show_bug.cgiid=1206698
o https://bugzilla.suse.com/show_bug.cgiid=1206784
o https://bugzilla.suse.com/show_bug.cgiid=1206855
o https://bugzilla.suse.com/show_bug.cgiid=1206858
o https://bugzilla.suse.com/show_bug.cgiid=1206873
o https://bugzilla.suse.com/show_bug.cgiid=1206876
o https://bugzilla.suse.com/show_bug.cgiid=1206877
o https://bugzilla.suse.com/show_bug.cgiid=1206878
o https://bugzilla.suse.com/show_bug.cgiid=1206880
o https://bugzilla.suse.com/show_bug.cgiid=1206882
o https://bugzilla.suse.com/show_bug.cgiid=1206883
o https://bugzilla.suse.com/show_bug.cgiid=1206884
o https://bugzilla.suse.com/show_bug.cgiid=1206885
o https://bugzilla.suse.com/show_bug.cgiid=1206887
o https://bugzilla.suse.com/show_bug.cgiid=1206888
o https://bugzilla.suse.com/show_bug.cgiid=1206890
o https://bugzilla.suse.com/show_bug.cgiid=1207092
o https://bugzilla.suse.com/show_bug.cgiid=1207093
o https://bugzilla.suse.com/show_bug.cgiid=1207094
o https://bugzilla.suse.com/show_bug.cgiid=1207097
o https://bugzilla.suse.com/show_bug.cgiid=1207102
o https://bugzilla.suse.com/show_bug.cgiid=1207103
o https://bugzilla.suse.com/show_bug.cgiid=1207104
o https://bugzilla.suse.com/show_bug.cgiid=1207107
o https://bugzilla.suse.com/show_bug.cgiid=1207108
o https://bugzilla.suse.com/show_bug.cgiid=1207134
o https://bugzilla.suse.com/show_bug.cgiid=1207186
o https://bugzilla.suse.com/show_bug.cgiid=1207201
o https://bugzilla.suse.com/show_bug.cgiid=1207237
o https://bugzilla.suse.com/show_bug.cgiid=1207773
o https://bugzilla.suse.com/show_bug.cgiid=1207795
o https://bugzilla.suse.com/show_bug.cgiid=1207875
o https://bugzilla.suse.com/show_bug.cgiid=1208108
o https://bugzilla.suse.com/show_bug.cgiid=1208541
o https://bugzilla.suse.com/show_bug.cgiid=1208570
o https://jira.suse.com/browse/PED-1706
o https://jira.suse.com/browse/SLE-15608
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZAftNskNZI30y1K9AQhfTA//b0QmbDInvOgS71wgWz11oOO9eMRJb9cx
/NumOwhcxERApSjxzM8WPr72xXXwTRfn0ZOjf2q9PmKykqi477qyU3wDj2GnHoqc
ZhTjsjPmcaturmI67UNj/gq/Jgn1yyzqsOLoIq0Mi/HGyJ+3CElSwiAH+OokPhig
oxtD3l0amva/GsGamRi8TFcgqap8+6dWFDn/vL7GHemN+gL1Ru86QxJIxxP1FAgn
88NscgodRoXKQpKfYEyzqHEFQqmXVmoGmmj8sKAgoJzel3uJ3Rl7ArsqMb4O/mcN
XzzpIgz0+XFmB9z6RPj5RjEmGGH0eFiVYEPP8FJH1h5wGwvzaPhb9ja7GGAXXNTg
4aSFk09Fzz+i3J20a/1bTQd1CV6VPwhhkf9L2P69VIgCJKqeYK3EQ6cWGkvLc5Kn
XI7s8o3sQqeEYrIFdhnUSsWqejBDwV+Zui1Gctzb5Iz4zlaV/pu++gt3vjYLkIKR
iut8dE38uhX1Y9b5MT096RzySKKMSdKzmzZnW8zWDiuJr2cSbbdwis31eax/fRTX
92YaZ707zvz/N6hz+RqnwC2mHGyy5jLrCJRmpK3ichuzK3DS4iXte936wclzTEdn
4p29btjlM+fzqiQwajk1YReARVq9R5RBQUJJgn51oFfNhiwZb4u/ua/061vYoMgH
qdb9yYNAvvo=
=UEil
-----END PGP SIGNATURE-----