Protect yourself against future threats.
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2024.1926
Security update for the Linux Kernel
28 March 2024
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-52448 CVE-2023-52478 CVE-2024-26591
CVE-2023-52449 CVE-2024-1151 CVE-2024-23850
CVE-2024-23851 CVE-2024-26585 CVE-2024-26586
CVE-2024-26593 CVE-2024-26595 CVE-2024-26598
CVE-2024-26602 CVE-2024-26603 CVE-2024-26622
CVE-2023-28746 CVE-2024-0607 CVE-2023-52451
CVE-2023-6817 CVE-2024-23849 CVE-2023-52439
CVE-2023-52456 CVE-2023-52443 CVE-2023-52463
CVE-2023-52464 CVE-2024-25744 CVE-2023-5197
CVE-2023-52457 CVE-2024-26589 CVE-2019-25162
CVE-2021-46923 CVE-2021-46924 CVE-2021-46932
CVE-2023-52447 CVE-2023-52445 CVE-2023-52340
CVE-2023-52429 CVE-2023-52452 CVE-2023-52475
Original Bulletin:
https://www.suse.com/support/update/announcement/2024/suse-su-20240910-1
Comment: CVSS (Max): 7.8 CVE-2024-26622 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0910-1
Rating: important
o bsc#1194869
o bsc#1206453
o bsc#1209412
o bsc#1213456
o bsc#1216776
o bsc#1217927
o bsc#1218195
o bsc#1218216
o bsc#1218450
o bsc#1218527
o bsc#1218663
o bsc#1218915
o bsc#1219126
o bsc#1219127
o bsc#1219141
o bsc#1219146
o bsc#1219295
o bsc#1219443
o bsc#1219653
o bsc#1219827
o bsc#1219835
o bsc#1219839
o bsc#1219840
o bsc#1219934
o bsc#1220003
o bsc#1220009
o bsc#1220021
o bsc#1220030
o bsc#1220106
o bsc#1220140
o bsc#1220187
References: o bsc#1220238
o bsc#1220240
o bsc#1220241
o bsc#1220243
o bsc#1220250
o bsc#1220251
o bsc#1220253
o bsc#1220254
o bsc#1220255
o bsc#1220257
o bsc#1220267
o bsc#1220277
o bsc#1220317
o bsc#1220326
o bsc#1220328
o bsc#1220330
o bsc#1220335
o bsc#1220344
o bsc#1220348
o bsc#1220350
o bsc#1220364
o bsc#1220392
o bsc#1220393
o bsc#1220398
o bsc#1220409
o bsc#1220444
o bsc#1220457
o bsc#1220459
o bsc#1220649
o bsc#1220796
o bsc#1220825
o jsc#PED-7618
o CVE-2019-25162
o CVE-2021-46923
o CVE-2021-46924
o CVE-2021-46932
o CVE-2023-28746
o CVE-2023-5197
o CVE-2023-52340
o CVE-2023-52429
o CVE-2023-52439
o CVE-2023-52443
o CVE-2023-52445
o CVE-2023-52447
o CVE-2023-52448
o CVE-2023-52449
o CVE-2023-52451
o CVE-2023-52452
o CVE-2023-52456
o CVE-2023-52457
o CVE-2023-52463
Cross-References: o CVE-2023-52464
o CVE-2023-52475
o CVE-2023-52478
o CVE-2023-6817
o CVE-2024-0607
o CVE-2024-1151
o CVE-2024-23849
o CVE-2024-23850
o CVE-2024-23851
o CVE-2024-25744
o CVE-2024-26585
o CVE-2024-26586
o CVE-2024-26589
o CVE-2024-26591
o CVE-2024-26593
o CVE-2024-26595
o CVE-2024-26598
o CVE-2024-26602
o CVE-2024-26603
o CVE-2024-26622
o CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:N/A:N
o CVE-2023-5197 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:L/I:L/A:H
o CVE-2023-5197 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:L/I:L/A:H
o CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:H
o CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:U/C:N/I:N/A:H
o CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N
/S:U/C:H/I:H/A:H
o CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:H/A:L
CVSS scores: o CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:L/I:L/A:H
o CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:N/A:N
o CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2024-23850 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N
/S:U/C:N/I:N/A:H
o CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N
/S:U/C:N/I:N/A:H
o CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2024-25744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:H/A:H
o openSUSE Leap 15.5
o SUSE Linux Enterprise High Performance Computing 15 SP5
o SUSE Linux Enterprise Live Patching 15-SP5
Affected o SUSE Linux Enterprise Micro 5.5
Products: o SUSE Linux Enterprise Real Time 15 SP5
o SUSE Linux Enterprise Server 15 SP5
o SUSE Linux Enterprise Server for SAP Applications 15 SP5
o SUSE Real Time Module 15-SP5
An update that solves 39 vulnerabilities, contains one feature and has 23
security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
o CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
o CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#
1220459)
o CVE-2021-46932: Fixed missing work initialization before device
registration (bsc#1220444)
o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
o CVE-2023-5197: Fixed se-after-free due to addition and removal of rules
from chain bindings within the same transaction (bsc#1218216).
o CVE-2023-52340: Fixed ICMPv6 "Packet Too Big" packets force a DoS of the
Linux kernel by forcing 100% CPU (bsc#1219295).
o CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/
dm-table.c (bsc#1219827).
o CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
o CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#
1220240).
o CVE-2023-52445: Fixed use after free on context disconnection (bsc#
1220241).
o CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#
1220251).
o CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253).
o CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl
notifier (bsc#1220238).
o CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
o CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
o CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
o CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get
() failed (bsc#1220350).
o CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
o CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
o CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#
1220649)
o CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
o CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
o CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#
1218915).
o CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#
1219835).
o CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#
1219127).
o CVE-2024-23850: Fixed double free of anonymous device after snapshot
creation failure (bsc#1219126).
o CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#
1219146).
o CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#
1217927).
o CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc
#1220187).
o CVE-2024-26586: Fixed stack corruption (bsc#1220243).
o CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
PTR_TO_FLOW_KEYS (bsc#1220255).
o CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#
1220254).
o CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
o CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
o CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
o CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
o CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
o CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#
1220825).
The following non-security bugs were fixed:
o acpi: apei: set memory failure flags as mf_action_required on synchronous
events (git-fixes).
o acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
o acpi: extlog: fix null pointer dereference check (git-fixes).
o acpi: resource: add asus model s5402za to quirks (git-fixes).
o acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
o acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
o acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
o acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2
(git-fixes).
o acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371
amd version) (git-fixes).
o acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
o add reference to recently released cve
o afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
(git-fixes).
o afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
(git-fixes).
o afs: hide silly-rename files from userspace (git-fixes).
o afs: increase buffer size in afs_update_volume_status() (git-fixes).
o ahci: asm1166: correct count of reported ports (git-fixes).
o alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
o alsa: firewire-lib: fix to check cycle continuity (git-fixes).
o alsa: hda/conexant: add quirk for sws js201d (git-fixes).
o alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads
(git-fixes).
o alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
o alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table
(git-fixes).
o alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
o alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
o alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
o alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
o alsa: hda/realtek: fix the external mic not being recognised for acer swift
1 sf114-32 (git-fixes).
o alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
o alsa: usb-audio: add delay quirk for motu m series 2nd revision
(git-fixes).
o alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
o alsa: usb-audio: check presence of valid altsetting control (git-fixes).
o alsa: usb-audio: ignore clock selector errors for single connection
(git-fixes).
o alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
o alsa: usb-audio: sort quirk table entries (git-fixes).
o arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
o arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
o arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#
1219443)
o arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443)
enable workaround.
o arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443)
enable workaround without kabi break.
o arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes)
enable ampere_erratum_ac03_cpu_38 workaround without kabi break
o arm64: irq: set the correct node for shadow call stack (git-fixes)
o arm64: irq: set the correct node for vmap stack (git-fixes)
o arm64: rename arm64_workaround_2966298 (bsc#1219443)
o arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata
(git-fixes)
o asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
o asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
o asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
o asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
o atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
o bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
o bluetooth: enforce validation on max value of connection interval
(git-fixes).
o bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
o bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
o bluetooth: hci_sync: check the correct flag before starting a scan
(git-fixes).
o bluetooth: hci_sync: fix accept_list when attempting to suspend
(git-fixes).
o bluetooth: l2cap: fix possible multiple reject send (git-fixes).
o bluetooth: qca: fix wrong event type for patch config command (git-fixes).
o bpf: fix verification of indirect var-off stack access (git-fixes).
o bpf: guard stack limits against 32bit overflow (git-fixes).
o bpf: minor logging improvement (bsc#1220257).
o bus: moxtet: add spi device table (git-fixes).
o cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
o can: j1939: fix uaf in j1939_sk_match_filter during setsockopt
(so_j1939_filter) (git-fixes).
o crypto: api - disallow identical driver names (git-fixes).
o crypto: ccp - fix null pointer dereference in
__sev_platform_shutdown_locked (git-fixes).
o crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
o crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
o dmaengine: fsl-qdma: fix a memory leak related to the queue command dma
(git-fixes).
o dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read
(git-fixes).
o dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
o dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
o dmaengine: ptdma: use consistent dma masks (git-fixes).
o dmaengine: shdma: increase size of 'dev_id' (git-fixes).
o dmaengine: ti: edma: add some null pointer checks to the edma_probe
(git-fixes).
o driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
o drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
o drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()
' (git-fixes).
o drm/amd/display: fix possible null dereference on device remove/driver
unload (git-fixes).
o drm/amd/display: increase frame-larger-than for all display_mode_vba files
(git-fixes).
o drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
o drm/amd/display: preserve original aspect ratio in create stream
(git-fixes).
o drm/amdgpu/display: initialize gamma correction mode variable in
dcn30_get_gamcor_current() (git-fixes).
o drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
o drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
o drm/buddy: fix range bias (git-fixes).
o drm/crtc: fix uninitialized variable use even harder (git-fixes).
o drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
o drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case
(git-fixes).
o drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup
(git-fixes).
o drm/msms/dp: fixed link clock divider bits be over written in bpc unknown
case (git-fixes).
o drm/prime: support page array >= 4gb (git-fixes).
o drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is
set (git-fixes).
o drm/ttm: fix an invalid freeing on already freed page in error path
(git-fixes).
o drop bcm5974 input patch causing a regression (bsc#1220030)
o efi/capsule-loader: fix incorrect allocation size (git-fixes).
o efi: do not add memblocks for soft-reserved memory (git-fixes).
o efi: runtime: fix potential overflow of soft-reserved region size
(git-fixes).
o fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
o fbdev: savage: error out if pixclock equals zero (git-fixes).
o fbdev: sis: error out if pixclock equals zero (git-fixes).
o firewire: core: send bus reset promptly on gap count error (git-fixes).
o fs: dlm: fix build with config_ipv6 disabled (git-fixes).
o fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
o gpio: 74x164: enable output pins after registers are reset (git-fixes).
o gpio: fix resource unwinding order in error path (git-fixes).
o gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
o gpiolib: fix the error path order in gpiochip_add_data_with_key()
(git-fixes).
o hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
o hid: apple: add support for the 2021 magic keyboard (git-fixes).
o hid: wacom: do not register input devices until after hid_hw_start
(git-fixes).
o hid: wacom: generic: avoid reporting a serial of '0' to userspace
(git-fixes).
o hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
o hwmon: (coretemp) enlarge per package core count limit (git-fixes).
o hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
o hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
o i2c: i801: fix block process call transactions (git-fixes).
o i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
o i2c: imx: add timer for handling the stop condition (git-fixes).
o i2c: imx: when being a target, mark the last read as processed (git-fixes).
o i3c: master: cdns: update maximum prescaler value for i2c clock
(git-fixes).
o ib/hfi1: fix a memleak in init_credit_return (git-fixes)
o ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
o iio: accel: bma400: fix a compilation problem (git-fixes).
o iio: adc: ad7091r: set alert bit in config register (git-fixes).
o iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
o iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp
(git-fixes).
o iio: magnetometer: rm3100: add boundary check for the value read from
rm3100_reg_tmrc (git-fixes).
o input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr()
(git-fixes).
o input: xpad - add lenovo legion go controllers (git-fixes).
o irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
o jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
o jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
o jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
o jfs: fix uaf in jfs_evict_inode (git-fixes).
o kbuild: fix changing elf file type for output of gen_btf for big endian
(git-fixes).
o kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
o kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
o kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
o kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
o kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch
(git-fixes).
o lan78xx: enable auto speed configuration for lan7850 if no eeprom is
detected (git-fixes).
o leds: trigger: panic: do not register panic notifier if creating the
trigger failed (git-fixes).
o lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
o lib/stackdepot: add refcount for records (jsc-ped#7423).
o lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
o lib/stackdepot: move stack_record struct definition into the header
(jsc-ped#7423).
o libsubcmd: fix memory leak in uniq() (git-fixes).
o media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
o media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
o media: rc: bpf attach/detach requires write permission (git-fixes).
o media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
o media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
o mfd: syscon: fix null pointer dereference in of_syscon_register()
(git-fixes).
o mm,page_owner: display all stacks and their count (jsc-ped#7423).
o mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
o mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
o mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
o mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#
7423).
o mm/hwpoison: fix unpoison_memory() (bsc#1218663).
o mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
o mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#
1218663).
o mm: memory-failure: fix potential unexpected return value from
unpoison_memory() (git-fixes).
o mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
o mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
o mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
o mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
o mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
o mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
o modpost: trim leading spaces when processing source files list (git-fixes).
o mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
o net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
o netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
o nilfs2: fix data corruption in dsync block recovery for small block sizes
(git-fixes).
o nilfs2: replace warn_ons for invalid dat metadata block requests
(git-fixes).
o nouveau/svm: fix kvcalloc() argument order (git-fixes).
o nouveau: fix function cast warnings (git-fixes).
o ntfs: check overflow when iterating attr_records (git-fixes).
o ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
o nvme-fabrics: fix i/o connect error handling (git-fixes).
o nvme-host: fix the updating of the firmware version (git-fixes).
o pci/aer: decode requester id when no error info found (git-fixes).
o pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
o pci: add pci_header_type_mfd definition (bsc#1220021).
o pci: fix 64gt/s effective data rate calculation (git-fixes).
o pci: only override amd usb controller if required (git-fixes).
o pci: switchtec: fix stdev_release() crash after surprise hot remove
(git-fixes).
o platform/x86: thinkpad_acpi: only update profile if successfully converted
(git-fixes).
o platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet
(git-fixes).
o platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi
names (git-fixes).
o pm: core: remove unnecessary (void *) conversions (git-fixes).
o pm: runtime: have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend() (git-fixes).
o pnp: acpi: fix fortify warning (git-fixes).
o power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
o powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#
1194869).
o powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
o powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#
1220348).
o powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#
1194869).
o powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#
1220348).
o powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#
1194869).
o powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
o powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#
1194869).
o powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
o powerpc: do not include lppaca.h in paca.h (bsc#1194869).
o pstore/ram: fix crash when setting number of cpus to an odd number
(git-fixes).
o ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
o ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
o ras: introduce a fru memory poison manager (jsc#ped-7618).
o rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
o rdma/bnxt_re: return error for srq resize (git-fixes)
o rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
o rdma/core: get ib width and speed from netdev (bsc#1219934).
o rdma/irdma: add ae for too many rnrs (git-fixes)
o rdma/irdma: fix kasan issue with tasklet (git-fixes)
o rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
o rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
o rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
o rdma/srpt: fix function pointer cast warnings (git-fixes)
o rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
o refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#
1216776, bsc#1220277)
o regulator: core: only increment use_count when enable_count changes
(git-fixes).
o regulator: pwm-regulator: add validity checks in continuous .get_voltage
(git-fixes).
o revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
(git-fixes).
o revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
o revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
o rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#
1219653) they are put into -devel subpackage. and a proper link to /usr/
share/gdb/auto-load/ is created.
o s390/qeth: fix potential loss of l3-ip@ in case of network issues
(git-fixes bsc#1219840).
o s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
o sched/membarrier: reduce the ability to hammer on sys_membarrier
(git-fixes).
o scsi: core: move scsi_host_busy() out of host lock for waking up eh handler
(git-fixes).
o scsi: core: move scsi_host_busy() out of host lock if it is for per-command
(git-fixes).
o scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#
1219141).
o scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
o scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
o scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
o scsi: isci: fix an error code problem in isci_io_request_build()
(git-fixes).
o scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an
abts (bsc#1220021).
o scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric
nodes (bsc#1220021).
o scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
o scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#
1220021).
o scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#
1220021).
o scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
o scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc
#1220021).
o scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
o scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list()
(bsc#1220021).
o scsi: lpfc: move handling of reset congestion statistics events (bsc#
1220021).
o scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#
1220021).
o scsi: lpfc: remove d_id swap log message from trace event logger (bsc#
1220021).
o scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for
ndlps (bsc#1220021).
o scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#
1220021).
o scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
o scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn
notifications (bsc#1220021).
o scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
o scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
o scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#
1220021).
o scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
o scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock"
(git-fixes bsc#1219141).
o serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
o spi-mxs: fix chipselect glitch (git-fixes).
o spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected
(git-fixes).
o spi: ppc4xx: drop write-only variable (git-fixes).
o spi: sh-msiof: avoid integer overflow in constants (git-fixes).
o staging: iio: ad5933: fix type mismatch regression (git-fixes).
o supported.conf: remove external flag from ibm supported modules. (bsc#
1209412)
o tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
o tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
o topology/sysfs: add format parameter to macro defining "show" functions for
proc (jsc#ped-7618).
o topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
o tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
o ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
o usb: cdns3: fix memory double free when handle zero packet (git-fixes).
o usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
(git-fixes).
o usb: cdns3: modify the return value of cdns_set_active () to void when
config_pm_sleep is disabled (git-fixes).
o usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
o usb: cdns: readd old api (git-fixes).
o usb: cdnsp: blocked some cdns3 specific code (git-fixes).
o usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers
(git-fixes).
o usb: dwc3: gadget: do not disconnect if not started (git-fixes).
o usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
o usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
o usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
o usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api
(git-fixes).
o usb: dwc3: gadget: submit endxfer command if delayed during disconnect
(git-fixes).
o usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
o usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
o usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
o usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
o usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
o usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
o usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
o usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
o usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
o usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
o usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs
(git-fixes).
o usb: gadget: udc: core: offload usb_udc_vbus_handler processing
(git-fixes).
o usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
o usb: gadget: udc: handle gadget_connect failure during bind operation
(git-fixes).
o usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#
1218527).
o usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
o usb: roles: do not get/set_role() when usb_role_switch is unregistered
(git-fixes).
o usb: roles: fix null pointer issue when put module's reference (git-fixes).
o usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
o usb: serial: option: add fibocom fm101-gl variant (git-fixes).
o usb: serial: qcserial: add new usb-id for dell wireless dw5826e
(git-fixes).
o watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786
(git-fixes).
o wifi: ath11k: fix registration of 6ghz-only phy without the full channel
range (git-fixes).
o wifi: ath9k: fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (git-fixes).
o wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
o wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes).
o wifi: cfg80211: free beacon_ies when overridden from hidden bss
(git-fixes).
o wifi: iwlwifi: fix some error codes (git-fixes).
o wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
o wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
(git-fixes).
o wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
o wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
o wifi: nl80211: reject iftype change with mesh id change (git-fixes).
o wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
o wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
o wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
o wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point
() (git-fixes).
o x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
o x86/bugs: add asm helpers for executing verw (git-fixes).
o x86/bugs: use alternative() instead of mds_user_clear static key
(git-fixes). also add mds_user_clear to kabi severities since it's strictly
mitigation related so should be low risk.
o x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
o x86/entry_32: add verw just before userspace transition (git-fixes).
o x86/entry_64: add verw just before userspace transition (git-fixes).
o x86/mm: fix memory encryption features advertisement (bsc#1206453).
o xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
o xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
Special Instructions and Notes:
o Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.5
zypper in -t patch SUSE-2024-910=1 openSUSE-SLE-15.5-2024-910=1
o SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-910=1
o SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-910=1
o SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-910=1
Package List:
o openSUSE Leap 15.5 (noarch)
kernel-devel-rt-5.14.21-150500.13.38.1
kernel-source-rt-5.14.21-150500.13.38.1
o openSUSE Leap 15.5 (x86_64)
kselftests-kmp-rt-5.14.21-150500.13.38.1
kernel-rt-extra-5.14.21-150500.13.38.1
kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
kernel-rt-livepatch-devel-5.14.21-150500.13.38.1
kernel-rt-vdso-5.14.21-150500.13.38.1
kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
kselftests-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-syms-rt-5.14.21-150500.13.38.1
kernel-rt-debugsource-5.14.21-150500.13.38.1
kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
dlm-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-vdso-5.14.21-150500.13.38.1
kernel-rt-livepatch-5.14.21-150500.13.38.1
gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-5.14.21-150500.13.38.1
kernel-rt-extra-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
kernel-rt_debug-devel-5.14.21-150500.13.38.1
reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
kernel-rt-devel-5.14.21-150500.13.38.1
cluster-md-kmp-rt-5.14.21-150500.13.38.1
cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
kernel-rt-optional-debuginfo-5.14.21-150500.13.38.1
kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
kernel-rt-optional-5.14.21-150500.13.38.1
gfs2-kmp-rt-5.14.21-150500.13.38.1
reiserfs-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-livepatch-devel-5.14.21-150500.13.38.1
o openSUSE Leap 15.5 (nosrc x86_64)
kernel-rt_debug-5.14.21-150500.13.38.1
kernel-rt-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
kernel-rt-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Micro 5.5 (x86_64)
kernel-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-debugsource-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Micro 5.5 (noarch)
kernel-source-rt-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
o SUSE Real Time Module 15-SP5 (x86_64)
kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
kernel-rt-vdso-5.14.21-150500.13.38.1
kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
kernel-syms-rt-5.14.21-150500.13.38.1
kernel-rt-debugsource-5.14.21-150500.13.38.1
dlm-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-vdso-5.14.21-150500.13.38.1
gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
kernel-rt_debug-devel-5.14.21-150500.13.38.1
kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
kernel-rt-devel-5.14.21-150500.13.38.1
cluster-md-kmp-rt-5.14.21-150500.13.38.1
cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
gfs2-kmp-rt-5.14.21-150500.13.38.1
o SUSE Real Time Module 15-SP5 (noarch)
kernel-devel-rt-5.14.21-150500.13.38.1
kernel-source-rt-5.14.21-150500.13.38.1
o SUSE Real Time Module 15-SP5 (nosrc x86_64)
kernel-rt_debug-5.14.21-150500.13.38.1
kernel-rt-5.14.21-150500.13.38.1
References:
o https://www.suse.com/security/cve/CVE-2019-25162.html
o https://www.suse.com/security/cve/CVE-2021-46923.html
o https://www.suse.com/security/cve/CVE-2021-46924.html
o https://www.suse.com/security/cve/CVE-2021-46932.html
o https://www.suse.com/security/cve/CVE-2023-28746.html
o https://www.suse.com/security/cve/CVE-2023-5197.html
o https://www.suse.com/security/cve/CVE-2023-52340.html
o https://www.suse.com/security/cve/CVE-2023-52429.html
o https://www.suse.com/security/cve/CVE-2023-52439.html
o https://www.suse.com/security/cve/CVE-2023-52443.html
o https://www.suse.com/security/cve/CVE-2023-52445.html
o https://www.suse.com/security/cve/CVE-2023-52447.html
o https://www.suse.com/security/cve/CVE-2023-52448.html
o https://www.suse.com/security/cve/CVE-2023-52449.html
o https://www.suse.com/security/cve/CVE-2023-52451.html
o https://www.suse.com/security/cve/CVE-2023-52452.html
o https://www.suse.com/security/cve/CVE-2023-52456.html
o https://www.suse.com/security/cve/CVE-2023-52457.html
o https://www.suse.com/security/cve/CVE-2023-52463.html
o https://www.suse.com/security/cve/CVE-2023-52464.html
o https://www.suse.com/security/cve/CVE-2023-52475.html
o https://www.suse.com/security/cve/CVE-2023-52478.html
o https://www.suse.com/security/cve/CVE-2023-6817.html
o https://www.suse.com/security/cve/CVE-2024-0607.html
o https://www.suse.com/security/cve/CVE-2024-1151.html
o https://www.suse.com/security/cve/CVE-2024-23849.html
o https://www.suse.com/security/cve/CVE-2024-23850.html
o https://www.suse.com/security/cve/CVE-2024-23851.html
o https://www.suse.com/security/cve/CVE-2024-25744.html
o https://www.suse.com/security/cve/CVE-2024-26585.html
o https://www.suse.com/security/cve/CVE-2024-26586.html
o https://www.suse.com/security/cve/CVE-2024-26589.html
o https://www.suse.com/security/cve/CVE-2024-26591.html
o https://www.suse.com/security/cve/CVE-2024-26593.html
o https://www.suse.com/security/cve/CVE-2024-26595.html
o https://www.suse.com/security/cve/CVE-2024-26598.html
o https://www.suse.com/security/cve/CVE-2024-26602.html
o https://www.suse.com/security/cve/CVE-2024-26603.html
o https://www.suse.com/security/cve/CVE-2024-26622.html
o https://bugzilla.suse.com/show_bug.cgi?id=1194869
o https://bugzilla.suse.com/show_bug.cgi?id=1206453
o https://bugzilla.suse.com/show_bug.cgi?id=1209412
o https://bugzilla.suse.com/show_bug.cgi?id=1213456
o https://bugzilla.suse.com/show_bug.cgi?id=1216776
o https://bugzilla.suse.com/show_bug.cgi?id=1217927
o https://bugzilla.suse.com/show_bug.cgi?id=1218195
o https://bugzilla.suse.com/show_bug.cgi?id=1218216
o https://bugzilla.suse.com/show_bug.cgi?id=1218450
o https://bugzilla.suse.com/show_bug.cgi?id=1218527
o https://bugzilla.suse.com/show_bug.cgi?id=1218663
o https://bugzilla.suse.com/show_bug.cgi?id=1218915
o https://bugzilla.suse.com/show_bug.cgi?id=1219126
o https://bugzilla.suse.com/show_bug.cgi?id=1219127
o https://bugzilla.suse.com/show_bug.cgi?id=1219141
o https://bugzilla.suse.com/show_bug.cgi?id=1219146
o https://bugzilla.suse.com/show_bug.cgi?id=1219295
o https://bugzilla.suse.com/show_bug.cgi?id=1219443
o https://bugzilla.suse.com/show_bug.cgi?id=1219653
o https://bugzilla.suse.com/show_bug.cgi?id=1219827
o https://bugzilla.suse.com/show_bug.cgi?id=1219835
o https://bugzilla.suse.com/show_bug.cgi?id=1219839
o https://bugzilla.suse.com/show_bug.cgi?id=1219840
o https://bugzilla.suse.com/show_bug.cgi?id=1219934
o https://bugzilla.suse.com/show_bug.cgi?id=1220003
o https://bugzilla.suse.com/show_bug.cgi?id=1220009
o https://bugzilla.suse.com/show_bug.cgi?id=1220021
o https://bugzilla.suse.com/show_bug.cgi?id=1220030
o https://bugzilla.suse.com/show_bug.cgi?id=1220106
o https://bugzilla.suse.com/show_bug.cgi?id=1220140
o https://bugzilla.suse.com/show_bug.cgi?id=1220187
o https://bugzilla.suse.com/show_bug.cgi?id=1220238
o https://bugzilla.suse.com/show_bug.cgi?id=1220240
o https://bugzilla.suse.com/show_bug.cgi?id=1220241
o https://bugzilla.suse.com/show_bug.cgi?id=1220243
o https://bugzilla.suse.com/show_bug.cgi?id=1220250
o https://bugzilla.suse.com/show_bug.cgi?id=1220251
o https://bugzilla.suse.com/show_bug.cgi?id=1220253
o https://bugzilla.suse.com/show_bug.cgi?id=1220254
o https://bugzilla.suse.com/show_bug.cgi?id=1220255
o https://bugzilla.suse.com/show_bug.cgi?id=1220257
o https://bugzilla.suse.com/show_bug.cgi?id=1220267
o https://bugzilla.suse.com/show_bug.cgi?id=1220277
o https://bugzilla.suse.com/show_bug.cgi?id=1220317
o https://bugzilla.suse.com/show_bug.cgi?id=1220326
o https://bugzilla.suse.com/show_bug.cgi?id=1220328
o https://bugzilla.suse.com/show_bug.cgi?id=1220330
o https://bugzilla.suse.com/show_bug.cgi?id=1220335
o https://bugzilla.suse.com/show_bug.cgi?id=1220344
o https://bugzilla.suse.com/show_bug.cgi?id=1220348
o https://bugzilla.suse.com/show_bug.cgi?id=1220350
o https://bugzilla.suse.com/show_bug.cgi?id=1220364
o https://bugzilla.suse.com/show_bug.cgi?id=1220392
o https://bugzilla.suse.com/show_bug.cgi?id=1220393
o https://bugzilla.suse.com/show_bug.cgi?id=1220398
o https://bugzilla.suse.com/show_bug.cgi?id=1220409
o https://bugzilla.suse.com/show_bug.cgi?id=1220444
o https://bugzilla.suse.com/show_bug.cgi?id=1220457
o https://bugzilla.suse.com/show_bug.cgi?id=1220459
o https://bugzilla.suse.com/show_bug.cgi?id=1220649
o https://bugzilla.suse.com/show_bug.cgi?id=1220796
o https://bugzilla.suse.com/show_bug.cgi?id=1220825
o https://jira.suse.com/browse/PED-7618
- --------------------------END INCLUDED TEXT----------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================