-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.2223
                   Security update for the Linux Kernel
                               19 April 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-28772 CVE-2023-28464 CVE-2023-28328
                   CVE-2023-23455 CVE-2023-1611 CVE-2023-1513
                   CVE-2023-1390 CVE-2023-1281 CVE-2023-1095
                   CVE-2023-1076 CVE-2022-20567 CVE-2021-3923
                   CVE-2020-36691 CVE-2017-5753 

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2023/suse-su-20231894-1

Comment: CVSS (Max):  7.8 CVE-2023-23455 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2023:1894-1
Rating:             important

References:         o #1065729
                    o #1109158
                    o #1142926
                    o #1181001
                    o #1193231
                    o #1199837
                    o #1203693
                    o #1206010
                    o #1207001
                    o #1207125
                    o #1207890
                    o #1208048
                    o #1208599
                    o #1208777
                    o #1208850
                    o #1209052
                    o #1209118
                    o #1209126
                    o #1209256
                    o #1209289
                    o #1209291
                    o #1209292
                    o #1209532
                    o #1209547
                    o #1209549
                    o #1209556
                    o #1209572
                    o #1209613
                    o #1209634
                    o #1209684
                    o #1209687
                    o #1209777
                    o #1209778
                    o #1209798

Cross-References:   o CVE-2017-5753
                    o CVE-2020-36691
                    o CVE-2021-3923
                    o CVE-2022-20567
                    o CVE-2023-1076
                    o CVE-2023-1095
                    o CVE-2023-1281
                    o CVE-2023-1390
                    o CVE-2023-1513
                    o CVE-2023-1611
                    o CVE-2023-23455
                    o CVE-2023-28328
                    o CVE-2023-28464
                    o CVE-2023-28772

CVSS scores:        o CVE-2017-5753 (SUSE): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
                    o CVE-2017-5753 (NVD): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    o CVE-2017-5753 (NVD): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    o CVE-2020-36691 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2020-36691 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2021-3923 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    o CVE-2021-3923 (NVD): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
                    o CVE-2022-20567 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2022-20567 (NVD): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-1076 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    o CVE-2023-1076 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    o CVE-2023-1095 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-1095 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-1281 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-1281 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-1390 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-1390 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-1513 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    o CVE-2023-1513 (NVD): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    o CVE-2023-1611 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-1611 (NVD): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    o CVE-2023-23455 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-23455 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-28328 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-28464 (SUSE): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    o CVE-2023-28464 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-28772 (SUSE): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
                    o CVE-2023-28772 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:  o SUSE Linux Enterprise High Performance Computing 12 SP5
                    o SUSE Linux Enterprise Real Time 12 SP5
                    o SUSE Linux Enterprise Server 12 SP5

An update that solves 14 vulnerabilities and has 20 fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bug fixes.

The following security bugs were fixed:

  o CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot
    (bsc#1209687).
  o CVE-2020-36691: Fixed an issue which could allow attackers to cause a
    denial of service via a nested Netlink policy with a back reference
    (bsc#1209613).
  o CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in
    lib/seq_buf.c (bsc#1209549).
  o CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs
    structure that could be copied to userspace, causing an information leak
    (bsc#1209532).
  o CVE-2023-28464: Fixed use-after-free that could lead to privilege
    escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
  o CVE-2021-3923: Fixed stack information leak vulnerability that could lead
    to kernel protection bypass in infiniband RDMA (bsc#1209778).
  o CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit()
    (bsc#1209289).
  o CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue caused by
    a type confusion (bsc#1207125).
  o CVE-2023-1281: Fixed use-after-free that could lead to privilege
    escalation in tcindex (bsc#1209634).
  o CVE-2017-5753: Fixed Spectre v1 vulnerability on netlink (bsc#1209547).
  o CVE-2017-5753: Fixed Spectre vulnerability in prlimit (bsc#1209256).
  o CVE-2023-28328: Fixed a denial of service issue in az6027 driver in
    drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
  o CVE-2022-20567: Fixed use-after-free that could lead to a local privilege
    escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
  o CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets
    (bsc#1208599).
  o CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed
    list head (bsc#1208777).

The following non-security bugs were fixed:

  o applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
  o ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel()
    (git-fixes)
  o arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
  o arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
    (git-fixes)
  o arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
  o arm64: Do not forget syscall when starting a new thread. (git-fixes)
  o arm64: Fix compiler warning from pte_unmap() with (git-fixes)
  o arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
  o arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
    (git-fixes)
  o arm64: kprobe: make page to RO mode when allocate it (git-fixes)
  o arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
  o arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
  o arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
  o arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
  o arm64: unwind: Prohibit probing on return_address() (git-fixes)
  o arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
  o arm64/alternatives: do not patch up internal branches (git-fixes)
  o arm64/alternatives: move length validation inside the subsection
    (git-fixes)
  o arm64/alternatives: use subsections for replacement sequences (git-fixes)
  o arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
  o arm64/mm: fix variable 'pud' set but not used (git-fixes)
  o arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
  o arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
  o Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
  o Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave()
    (git-fixes).
  o crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
  o dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
  o ftrace: Fix invalid address access in lookup_rec() when index is 0
    (git-fixes).
  o ima: Fix function name error in comment (git-fixes).
  o Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
  o ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
  o kabi: PCI: endpoint: Fix for concurrent memory allocation in OB address
    region (git-fixes).
  o kfifo: fix ternary sign extension bugs (git-fixes).
  o kgdb: Drop malformed kernel doc comment (git-fixes).
  o KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
  o net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
  o net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
  o net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
  o net: usb: smsc75xx: Move packet length check to prevent kernel panic in
    skb_pull (git-fixes).
  o net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
  o NFSv4: Fix hangs when recovering open state after a server reboot
    (git-fixes).
  o ntp: Limit TAI-UTC offset (git-fixes)
  o PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only
    register (git-fixes).
  o PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
  o PCI: aardvark: Do not touch PCIe registers if no card connected
    (git-fixes).
  o PCI: aardvark: Fix a leaked reference by adding missing of_node_put()
    (git-fixes).
  o PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
  o PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
  o PCI: aardvark: Improve link training (git-fixes).
  o PCI: aardvark: Indicate error in 'val' when config read fails (git-fixes).
  o PCI: aardvark: Introduce an advk_pcie_valid_device() helper (git-fixes).
  o PCI: aardvark: Remove PCIe outbound window configuration (git-fixes).
  o PCI: aardvark: Train link immediately after enabling training (git-fixes).
  o PCI: aardvark: Wait for endpoint to be ready before training link
    (git-fixes).
  o PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes).
  o PCI: Add ACS quirk for iProc PAXB (git-fixes).
  o PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
  o PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
  o PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
  o PCI: endpoint: Fix for concurrent memory allocation in OB address region
    (git-fixes).
  o PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
  o PCI: hv: fix a race condition bug in hv_pci_query_relations()
    (bsc#1207001).
  o PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
    (bsc#1207001).
  o PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
    (bsc#1207001).
  o PCI: Make ACS quirk implementations more uniform (git-fixes).
  o PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
    (git-fixes).
  o PCI: PM: Avoid skipping bus-level PM on platforms without ACPI (git-fixes).
  o PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
  o PCI: tegra: Fix OF node reference leak (git-fixes).
  o PCI: Unify ACS quirk desired vs provided checking (git-fixes).
  o PCI: Use pci_update_current_state() in pci_enable_device_flags()
    (git-fixes).
  o PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
  o PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
  o PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
  o PCI/MSI: Mask all unused MSI-X entries (git-fixes).
  o PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
  o PCI/PM: Always return devices to D0 when thawing (git-fixes).
  o PCI/PM: Avoid using device_may_wakeup() for runtime PM (git-fixes).
  o PM: hibernate: flush swap writer after marking (git-fixes).
  o powerpc/btext: add missing of_node_put (bsc#1065729).
  o powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
    (bsc#1065729).
  o powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158
    ltc#169177 git-fixes).
  o powerpc/pseries/lparcfg: add missing RTAS retry status handling
    (bsc#1065729).
  o powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
  o powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1065729).
  o ppc64le: HWPOISON_INJECT=m (bsc#1209572).
  o ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
  o s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
  o sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
  o scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
    (bsc#1199837).
  o scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292
    bsc#1209684 bsc#1209556).
  o SUNRPC: Fix a server shutdown leak (git-fixes).
  o timekeeping: Prevent 32bit truncation in (git-fixes)
  o timers: Clear timer_base::must_forward_clk with (bsc#1207890)
  o timers/sched_clock: Prevent generic sched_clock wrap caused by
    tick_freeze() (git-fixes).
  o tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
    (git-fixes).
  o tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
    (git-fixes).
  o uprobes/x86: Fix detection of 32-bit user mode (git-fixes).
  o usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
  o usb: dwc3: exynos: Fix remove() function (git-fixes).
  o usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
  o usb: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
    (git-fixes).
  o usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
  o x86, boot: Remove multiple copy of static function sanitize_boot_params()
    (git-fixes).
  o x86/apic: Add name to irq chip (bsc#1206010).
  o x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
  o x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    (git-fixes).
  o x86/apic: Handle missing global clockevent gracefully (git-fixes
    bsc#1142926).
  o x86/apic: Soft disable APIC before initializing it (git-fixes).
  o x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
  o x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
    (git-fixes).
  o x86/decoder: Add TEST opcode to Group3-2 (git-fixes).
  o x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
  o x86/ioapic: Force affinity setup before startup (bsc#1193231).
  o x86/ioapic: Prevent inconsistent state when moving an interrupt
    (git-fixes).
  o x86/irq/64: Limit IST stack overflow check to #DB stack (git-fixes).
  o x86/lib/cpu: Address missing prototypes warning (git-fixes).
  o x86/mce: Lower throttling MCE messages' priority to warning (git-fixes).
  o x86/mm: Remove in_nmi() warning from 64-bit implementation of
    vmalloc_fault() (git-fixes).
  o x86/mm: Use the correct function type for native_set_fixmap() (git-fixes).
  o x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
  o x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
  o x86/power: Fix 'nosmt' vs hibernation triple fault during resume
    (git-fixes).
  o x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
    fails (git-fixes).
  o x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
    (git-fixes).
  o x86/sysfb: Fix check for bad VRAM size (git-fixes).
  o x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
  o x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001
    jsc#ECO-3191).
  o x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
  o x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
  o xen/netfront: enable device after manual module load (git-fixes).
  o xen/netfront: Fix mismatched rtnl_unlock (git-fixes).
  o xen/netfront: Fix NULL sring after live migration (git-fixes).
  o xen/netfront: fix potential deadlock in xennet_remove() (git-fixes).
  o xen/netfront: Fix race between device setup and open (git-fixes).
  o xen/netfront: Update features after registering netdev (git-fixes).
  o xen/netfront: wait xenbus state change when load module manually
    (git-fixes).
  o xen/netfront: fix waiting for xenbus state change (git-fixes).
  o xen/netfront: stop tx queues during live migration (git-fixes).
  o xen/platform-pci: add missing free_irq() in error path (git-fixes).

Special Instructions and Notes:

  o Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Real Time 12 SP5
    zypper in -t patch SUSE-SLE-RT-12-SP5-2023-1894=1

Package List:

  o SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
       dlm-kmp-rt-debuginfo-4.12.14-10.121.1
       kernel-syms-rt-4.12.14-10.121.1
       cluster-md-kmp-rt-debuginfo-4.12.14-10.121.1
       kernel-rt-debuginfo-4.12.14-10.121.1
       kernel-rt-devel-debuginfo-4.12.14-10.121.1
       kernel-rt-base-4.12.14-10.121.1
       kernel-rt_debug-devel-4.12.14-10.121.1
       kernel-rt_debug-devel-debuginfo-4.12.14-10.121.1
       ocfs2-kmp-rt-4.12.14-10.121.1
       kernel-rt-base-debuginfo-4.12.14-10.121.1
       ocfs2-kmp-rt-debuginfo-4.12.14-10.121.1
       kernel-rt_debug-debuginfo-4.12.14-10.121.1
       kernel-rt-debugsource-4.12.14-10.121.1
       gfs2-kmp-rt-4.12.14-10.121.1
       dlm-kmp-rt-4.12.14-10.121.1
       kernel-rt_debug-debugsource-4.12.14-10.121.1
       kernel-rt-devel-4.12.14-10.121.1
       cluster-md-kmp-rt-4.12.14-10.121.1
       gfs2-kmp-rt-debuginfo-4.12.14-10.121.1
  o SUSE Linux Enterprise Real Time 12 SP5 (noarch)
       kernel-devel-rt-4.12.14-10.121.1
       kernel-source-rt-4.12.14-10.121.1
  o SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
       kernel-rt_debug-4.12.14-10.121.1
       kernel-rt-4.12.14-10.121.1
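
Added example (not part of the SUSE or AusCERT text): a post-update check for
the Real Time product that separates "fixed package not installed" from "fixed
package installed but the host has not been rebooted into it". It assumes that
`uname -r` on SLE reports the package version-release without the last release
field, followed by the flavor (4.12.14-10.121-rt for kernel-rt
4.12.14-10.121.1), and uses GNU `sort -V` as a stand-in for RPM's own version
comparison.

```shell
#!/bin/sh
# Added example: post-update check for SUSE-SU-2023:1894-1 (kernel-rt on
# SUSE Linux Enterprise Real Time 12 SP5). Function names are this example's own.

# kernel-rt version-release taken from the Package List in this bulletin.
FIXED_VR="4.12.14-10.121.1"

# vr_at_least A B: succeed when A sorts at or after B under GNU `sort -V`.
# Adequate for these dotted numeric strings; it is not a full rpmvercmp.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# strip_rebuild 4.12.14-10.121.1 -> 4.12.14-10.121 (drop last release field)
strip_rebuild() { printf '%s\n' "${1%.*}"; }

# strip_flavor 4.12.14-10.121-rt -> 4.12.14-10.121 (drop the "-rt" suffix)
# Assumption: `uname -r` has the form <version>-<release>-<flavor>.
strip_flavor() { printf '%s\n' "${1%-*}"; }

# assess INSTALLED RUNNING
#   INSTALLED: newline-separated version-release strings of installed
#              kernel-rt packages (several can coexist); lines that do not
#              start with a digit, such as rpm's "package ... is not
#              installed" message, are ignored.
#   RUNNING:   output of `uname -r`
# Prints one of: patched | reboot-required | update-required
assess() {
    newest=$(printf '%s\n' "$1" | sed -n '/^[0-9]/p' | sort -V | tail -n 1)
    if [ -z "$newest" ] || ! vr_at_least "$newest" "$FIXED_VR"; then
        echo "update-required"
        return
    fi
    if vr_at_least "$(strip_flavor "$2")" "$(strip_rebuild "$FIXED_VR")"; then
        echo "patched"
    else
        # Fixed package is on disk, but the old kernel is still executing.
        echo "reboot-required"
    fi
}

# check_host: feed live data from rpm and uname into assess().
check_host() {
    assess "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt 2>/dev/null)" \
           "$(uname -r)"
}

# Run against the local host with: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

A "reboot-required" result means the bulletin's reboot instruction has not yet
been carried out, so the running kernel still lacks the fixes.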

References:

  o https://www.suse.com/security/cve/CVE-2017-5753.html
  o https://www.suse.com/security/cve/CVE-2020-36691.html
  o https://www.suse.com/security/cve/CVE-2021-3923.html
  o https://www.suse.com/security/cve/CVE-2022-20567.html
  o https://www.suse.com/security/cve/CVE-2023-1076.html
  o https://www.suse.com/security/cve/CVE-2023-1095.html
  o https://www.suse.com/security/cve/CVE-2023-1281.html
  o https://www.suse.com/security/cve/CVE-2023-1390.html
  o https://www.suse.com/security/cve/CVE-2023-1513.html
  o https://www.suse.com/security/cve/CVE-2023-1611.html
  o https://www.suse.com/security/cve/CVE-2023-23455.html
  o https://www.suse.com/security/cve/CVE-2023-28328.html
  o https://www.suse.com/security/cve/CVE-2023-28464.html
  o https://www.suse.com/security/cve/CVE-2023-28772.html
  o https://bugzilla.suse.com/show_bug.cgi?id=1065729
  o https://bugzilla.suse.com/show_bug.cgi?id=1109158
  o https://bugzilla.suse.com/show_bug.cgi?id=1142926
  o https://bugzilla.suse.com/show_bug.cgi?id=1181001
  o https://bugzilla.suse.com/show_bug.cgi?id=1193231
  o https://bugzilla.suse.com/show_bug.cgi?id=1199837
  o https://bugzilla.suse.com/show_bug.cgi?id=1203693
  o https://bugzilla.suse.com/show_bug.cgi?id=1206010
  o https://bugzilla.suse.com/show_bug.cgi?id=1207001
  o https://bugzilla.suse.com/show_bug.cgi?id=1207125
  o https://bugzilla.suse.com/show_bug.cgi?id=1207890
  o https://bugzilla.suse.com/show_bug.cgi?id=1208048
  o https://bugzilla.suse.com/show_bug.cgi?id=1208599
  o https://bugzilla.suse.com/show_bug.cgi?id=1208777
  o https://bugzilla.suse.com/show_bug.cgi?id=1208850
  o https://bugzilla.suse.com/show_bug.cgi?id=1209052
  o https://bugzilla.suse.com/show_bug.cgi?id=1209118
  o https://bugzilla.suse.com/show_bug.cgi?id=1209126
  o https://bugzilla.suse.com/show_bug.cgi?id=1209256
  o https://bugzilla.suse.com/show_bug.cgi?id=1209289
  o https://bugzilla.suse.com/show_bug.cgi?id=1209291
  o https://bugzilla.suse.com/show_bug.cgi?id=1209292
  o https://bugzilla.suse.com/show_bug.cgi?id=1209532
  o https://bugzilla.suse.com/show_bug.cgi?id=1209547
  o https://bugzilla.suse.com/show_bug.cgi?id=1209549
  o https://bugzilla.suse.com/show_bug.cgi?id=1209556
  o https://bugzilla.suse.com/show_bug.cgi?id=1209572
  o https://bugzilla.suse.com/show_bug.cgi?id=1209613
  o https://bugzilla.suse.com/show_bug.cgi?id=1209634
  o https://bugzilla.suse.com/show_bug.cgi?id=1209684
  o https://bugzilla.suse.com/show_bug.cgi?id=1209687
  o https://bugzilla.suse.com/show_bug.cgi?id=1209777
  o https://bugzilla.suse.com/show_bug.cgi?id=1209778
  o https://bugzilla.suse.com/show_bug.cgi?id=1209798

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----